check_chain_extensions(): Add check that on empty Subject the SAN must be marked critical

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12478)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-25 16:46:18 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-11 07:42:22 +0200
commit: da6c691d6d417ad413fdc1e7a7a183d005e7fefd (patch)
tree: f2aafc6b4b593e289ebf52719d8dd6ae427aeefe /crypto/x509/v3_purp.c
parent: 89f13ca4342be5b541b0885e3058617e5cce0de8 (diff)
download: openssl-new-da6c691d6d417ad413fdc1e7a7a183d005e7fefd.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index bced482df4..2d4098b629 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -608,6 +608,9 @@ int x509v3_cache_extensions(X509 *x)
         case NID_subject_key_identifier:
             x->ex_flags |= EXFLAG_SKID_CRITICAL;
             break;
+        case NID_subject_alt_name:
+            x->ex_flags |= EXFLAG_SAN_CRITICAL;
+            break;
         default:
             break;
         }
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-25 16:46:18 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-11 07:42:22 +0200
commit	da6c691d6d417ad413fdc1e7a7a183d005e7fefd (patch)
tree	f2aafc6b4b593e289ebf52719d8dd6ae427aeefe /crypto/x509/v3_purp.c
parent	89f13ca4342be5b541b0885e3058617e5cce0de8 (diff)
download	openssl-new-da6c691d6d417ad413fdc1e7a7a183d005e7fefd.tar.gz