author | Dr. Stephen Henson <steve@openssl.org> | 2016-07-03 21:41:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-07-11 23:30:04 +0100 |
commit | 5bd5dcd49605ca2aa7931599894302a3ac4b0b04 (patch) | |
tree | 6a0b8a29f6688a2e97b098ee29f690f7b10ed041 /crypto/include | |
parent | 1d03b7b893223b1b049cb992e5c57c9a10f5846c (diff) | |
download | openssl-new-5bd5dcd49605ca2aa7931599894302a3ac4b0b04.tar.gz |
Add nameConstraints commonName checking.

New hostname checking function asn1_valid_host()

Check commonName entries against nameConstraints: any CN components in
EE certificate which look like hostnames are checked against
nameConstraints.

Note that RFC5280 et al only require checking subject alt name against
DNS name constraints.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/include')
-rw-r--r-- | crypto/include/internal/asn1_int.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index 1bd1fab82f..aad047eacd 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -89,3 +89,5 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; + +int asn1_valid_host(const ASN1_STRING *host); |
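Review bot: the new prototype `int asn1_valid_host(const ASN1_STRING *host);`, added after the `asn1_pctx_st` definition, has no comment stating its return contract or what counts as a valid host. Per the commit message, only CN components that look like hostnames are checked against nameConstraints, so this return value decides whether a given CN is subject to the constraint check at all. Callers need to know whether 0 means "not a hostname" and whether an error return distinct from that is possible. Suggest a short comment above the declaration that documents the return values and says how a NULL or empty `host` is handled.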