WSS-611 Fixes logic for extracting NameConstraint information from a cert. This closes #6.
Adds a new property so users can affirm that their cert provider can handle TrustAnchors with NameConstraints added and updates the Merlin and MerlinAKI crypto implementations to respect that and either add the NameConstraints or set them to null.
Includes changes made for WSS-612 (available in a separate commit) to fix the CertificateStore's handling of certificate chains.
Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
|