projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1d03b7b) | patch
Add nameConstraints commonName checking.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 3 Jul 2016 20:41:57 +0000 (21:41 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 11 Jul 2016 22:30:04 +0000 (23:30 +0100)
commit5bd5dcd49605ca2aa7931599894302a3ac4b0b04
tree6a0b8a29f6688a2e97b098ee29f690f7b10ed041tree | snapshot
parent1d03b7b893223b1b049cb992e5c57c9a10f5846ccommit | diff
Add nameConstraints commonName checking.

New hostname checking function asn1_valid_host()

Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.

Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/asn1/a_strex.c diff | blob | history
crypto/asn1/charmap.h diff | blob | history
crypto/asn1/charmap.pl diff | blob | history
crypto/include/internal/asn1_int.h diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
crypto/x509v3/v3_ncons.c diff | blob | history
include/openssl/x509v3.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.