check_chain_extensions(): Add check that on empty Subject the SAN must be marked critical

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12478)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-25 16:46:18 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-11 07:42:22 +0200
commit: da6c691d6d417ad413fdc1e7a7a183d005e7fefd (patch)
tree: f2aafc6b4b593e289ebf52719d8dd6ae427aeefe /include
parent: 89f13ca4342be5b541b0885e3058617e5cce0de8 (diff)
2 files changed, 5 insertions, 3 deletions
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index c568b0541c..53dff234ce 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -228,9 +228,10 @@ X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER     85
 # define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER       86
 # define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME               87
-# define X509_V_ERR_CA_BCONS_NOT_CRITICAL                88
-# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    89
-# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      90
+# define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL       88
+# define X509_V_ERR_CA_BCONS_NOT_CRITICAL                89
+# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
+# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 93f9347ac8..a3ef7ced3a 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -379,6 +379,7 @@ struct ISSUING_DIST_POINT_st {
 # define EXFLAG_BCONS_CRITICAL   0x10000
 # define EXFLAG_AKID_CRITICAL    0x20000
 # define EXFLAG_SKID_CRITICAL    0x40000
+# define EXFLAG_SAN_CRITICAL     0x80000
 
 # define KU_DIGITAL_SIGNATURE    0x0080
 # define KU_NON_REPUDIATION      0x0040
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-25 16:46:18 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-11 07:42:22 +0200
commit	da6c691d6d417ad413fdc1e7a7a183d005e7fefd (patch)
tree	f2aafc6b4b593e289ebf52719d8dd6ae427aeefe /include
parent	89f13ca4342be5b541b0885e3058617e5cce0de8 (diff)