Initial support for name constraints certificate extension.

TODO: robustness checking on name forms.
author: Dr. Stephen Henson <steve@openssl.org> 2008-08-08 15:35:29 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2008-08-08 15:35:29 +0000
commit: e9746e03ee222b0123ac118f8952e161e7d48a2d (patch)
tree: 76d0d19a95ea0b66ea735c561ccd4afaaa742e49 /crypto/x509/x509_txt.c
parent: ab9c689ad387fcd209017fe45985b1938a0ee0df (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 3851869762..2017f86a77 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -168,6 +168,20 @@ const char *X509_verify_cert_error_string(long n)
 	return("Unsupported extension feature");
  	case X509_V_ERR_UNNESTED_RESOURCE:
  		return("RFC 3779 resource not subset of parent's resources");
+
+	case X509_V_ERR_PERMITTED_VIOLATION:
+		return("permitted subtree violation");
+	case X509_V_ERR_EXCLUDED_VIOLATION:
+		return("excluded subtree violation");
+	case X509_V_ERR_SUBTREE_MINMAX:
+		return("name constraints minimum and maximum not supported");
+	case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+		return("unsupported name constraint type");
+	case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+		return("unsupported or invalid name constraint syntax");
+	case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+		return("unsupported or invalid name syntax");
+
 	default:
 		BIO_snprintf(buf,sizeof buf,"error number %ld",n);
 		return(buf);
author	Dr. Stephen Henson <steve@openssl.org>	2008-08-08 15:35:29 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2008-08-08 15:35:29 +0000
commit	e9746e03ee222b0123ac118f8952e161e7d48a2d (patch)
tree	76d0d19a95ea0b66ea735c561ccd4afaaa742e49 /crypto/x509/x509_txt.c
parent	ab9c689ad387fcd209017fe45985b1938a0ee0df (diff)