From cfd9759c4fb32b65dfe075427983207327a03469 Mon Sep 17 00:00:00 2001
From: Gibheer <gibheer+git@zero-knowledge.org>
Date: Wed, 10 Jun 2026 18:32:28 +0200
Subject: fix maximum path len for certificates

When no maximum ca length was given, it was interpreted as a free for
all and blocked the certificate generation for normal certificates.
---
 certificate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'certificate.go')

diff --git a/certificate.go b/certificate.go
index b90e9fa..9203e57 100644
--- a/certificate.go
+++ b/certificate.go
@@ -127,7 +127,7 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
 	if cert_opts.IsCA {
 		template.BasicConstraintsValid = true
 	}
-	if cert_opts.CALength >= 0 {
+	if cert_opts.CALength > 0 {
 		template.MaxPathLen = cert_opts.CALength
 		template.MaxPathLenZero = true
 		template.BasicConstraintsValid = true
-- 
cgit v1.3.1