delta/openssl-new.git - github.com: openssl/openssl.git

diff options

author	Viktor Dukhovni <openssl-users@dukhovni.org>	2018-05-15 23:41:20 -0400
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2018-05-23 11:12:13 -0400
commit	d02d80b2e80adfdde49f76cf7c7af4e013f45005 (patch)
tree	e9e137e02f0751435765ff251b07d58f710213e0 /test/testutil
parent	de9f5b3554274e27949941cbe74a07c8a5f25dbf (diff)
download	openssl-new-d02d80b2e80adfdde49f76cf7c7af4e013f45005.tar.gz

Limit scope of CN name constraints

Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>

Diffstat (limited to 'test/testutil')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: