Added support for name constraints X.509 extension.

This allows to generate and read the name constraints extension, as well as check against the DNSNAME value.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-02-13 14:47:14 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-02-17 13:45:28 +0100
commit: 40a9a1a450c2b3c045e7b9bfb8f3c3f13715f35d (patch)
tree: 9533d5642dc4eb3e005187ee841b2b4854a3a6f6 /lib/pkix.asn
parent: 4b4b7bf4614c9ad3dc553d385004f07da8becf9d (diff)
download: gnutls-40a9a1a450c2b3c045e7b9bfb8f3c3f13715f35d.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/pkix.asn b/lib/pkix.asn
index c468dcea05..aa0c57492a 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -655,4 +655,15 @@ CRLReason ::= ENUMERATED {
      privilegeWithdrawn      (9),
      aACompromise           (10) }
 
+NameConstraints ::= SEQUENCE {
+     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
+     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+     base                    GeneralName,
+     minimum         [0]     INTEGER DEFAULT 0,
+     maximum         [1]     INTEGER OPTIONAL }
+
 END
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-02-13 14:47:14 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-02-17 13:45:28 +0100
commit	40a9a1a450c2b3c045e7b9bfb8f3c3f13715f35d (patch)
tree	9533d5642dc4eb3e005187ee841b2b4854a3a6f6 /lib/pkix.asn
parent	4b4b7bf4614c9ad3dc553d385004f07da8becf9d (diff)
download	gnutls-40a9a1a450c2b3c045e7b9bfb8f3c3f13715f35d.tar.gz