Add nameConstraints commonName checking.

New hostname checking function asn1_valid_host() Check commonName entries against nameConstraints: any CN components in EE certificate which look like hostnames are checked against nameConstraints. Note that RFC5280 et al only require checking subject alt name against DNS name constraints. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-07-03 21:41:57 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-07-11 23:30:04 +0100
commit: 5bd5dcd49605ca2aa7931599894302a3ac4b0b04 (patch)
tree: 6a0b8a29f6688a2e97b098ee29f690f7b10ed041 /crypto/include/internal/asn1_int.h
parent: 1d03b7b893223b1b049cb992e5c57c9a10f5846c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index 1bd1fab82f..aad047eacd 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -89,3 +89,5 @@ struct asn1_pctx_st {
     unsigned long oid_flags;
     unsigned long str_flags;
 } /* ASN1_PCTX */ ;
+
+int asn1_valid_host(const ASN1_STRING *host);
author	Dr. Stephen Henson <steve@openssl.org>	2016-07-03 21:41:57 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-07-11 23:30:04 +0100
commit	5bd5dcd49605ca2aa7931599894302a3ac4b0b04 (patch)
tree	6a0b8a29f6688a2e97b098ee29f690f7b10ed041 /crypto/include/internal/asn1_int.h
parent	1d03b7b893223b1b049cb992e5c57c9a10f5846c (diff)