[cas-dev] Certificate Path Length Verification bug in client authentication ?

[Velpi]

Cyril and others,

>         So, I would suggest the following change in
>         X509CredentialsAuthenticationHandler.java :
> 
>         Replacing:
> 
>           // check pathLength when CA cert
>           if (pathLength > this.maxPathLength) {
> 
>         By:
>           // check pathLength when CA cert
>           if (pathLength > this.maxPathLength && pathLength <
>         Integer.MAX_VALUE ) {


We're looking into this issue. I'm trying to imagine where this 
adjustment might cause issues/downgrade flexibility.

You'll find the answer to your question in this thread sithin a few 
days. (which could cause it to be patched, so this is the right way)

-- Velpi