mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
d02d80b2e8
Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
23 lines
1.3 KiB
Plaintext
23 lines
1.3 KiB
Plaintext
-----BEGIN CERTIFICATE-----
|
|
MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
|
|
IE5DIENBIDEwIBcNMTgwNTE2MDMyNzA5WhgPMjExODA1MTcwMzI3MDlaMIGmMTsw
|
|
OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj
|
|
AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA
|
|
ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A
|
|
eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
|
ggEBAOG4PegItzkmJDwlSA/FyVHWLWUIQrnxgS0KSds3On2CMsjDJ+X77B4s1IPI
|
|
yKHuqNbXqV/hJGAxKnZRZe0D6VsmKlYOYpz9QtFxvpo5DwA3q6BTx6sIElFn/lip
|
|
Pbu5ZeIMNeN4bot7x5sBobr6OgidAVaAuqQHHJnD7mQ1s22qY0UqkBqNBhhJWOmx
|
|
YC0Q56WDi9+C7Cy2+kiiSlT4jCZ8m1K0F7tTK5mF0p4HppXmXLzcecZ/Sw8jOqQK
|
|
JM/4UCj/nxWCGYKWkv8zLJtG+ryfZMf15/0Cd1dzHAS9mYU4mFssPdFyT+WFpw7b
|
|
K3TOTXkS/tAPbj0xin2wqBJz8m8CAwEAAaN7MHkwHQYDVR0OBBYEFOWYNq+H1LH6
|
|
lZUpgijb/S/sAiDsMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkG
|
|
A1UdEwQCMAAwLAYDVR0RBCUwI4ENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29t
|
|
hwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQAwUxnqq0gBgKmEHIRgZVu10KtOknjt
|
|
p/wEcqQ9METvXb+4/a4U6ftjTgaOrPVjamNFlaoUcTgx2nk2zRsjM+e+tpnxDgRR
|
|
/yoVB3HsISpdeN70s/WYAgvev/FdV3O+JWhUYHdKrDB4DMfPhlRIfSgOymJljo6+
|
|
wL8qa7lVonF91Im4SCbq4dqtAnbg4ttblQ3yjFfQtuwzyJD/3ism6FQPLbg1K4eu
|
|
1Si0EDL4Fct581Gb5D+NU8PYiwg7Nk8ubNlRHXydoVGDLmT0hLE+/IsPd1M8tMqm
|
|
sifRl2Is+lGVeg4pPHFjB0npTNkaYafu89dz/3PNRRr5If06B+apk4AX
|
|
-----END CERTIFICATE-----
|