diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-02-13 14:47:14 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-02-17 13:45:28 +0100 |
commit | 40a9a1a450c2b3c045e7b9bfb8f3c3f13715f35d (patch) | |
tree | 9533d5642dc4eb3e005187ee841b2b4854a3a6f6 /lib/pkix.asn | |
parent | 4b4b7bf4614c9ad3dc553d385004f07da8becf9d (diff) | |
download | gnutls-40a9a1a450c2b3c045e7b9bfb8f3c3f13715f35d.tar.gz |
Added support for name constraints X.509 extension.
This allows to generate and read the name constraints extension,
as well as check against the DNSNAME value.
Diffstat (limited to 'lib/pkix.asn')
-rw-r--r-- | lib/pkix.asn | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/pkix.asn b/lib/pkix.asn index c468dcea05..aa0c57492a 100644 --- a/lib/pkix.asn +++ b/lib/pkix.asn @@ -655,4 +655,15 @@ CRLReason ::= ENUMERATED { privilegeWithdrawn (9), aACompromise (10) } +NameConstraints ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL } + +GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] INTEGER DEFAULT 0, + maximum [1] INTEGER OPTIONAL } + END |