mirror of
https://github.com/openssl/openssl.git
synced 2025-03-13 19:47:47 +08:00
dd36fce023
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP as an example: nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 However, until now, the verify code for IP name contraints did not exist. Any check with a IP Address Name Constraint results in a "unsupported name constraint type" error. This patch implements support for IP Address Name Constraint (v4 and v6). This code validaded correcly certificates with multiple IPv4/IPv6 address checking against a CA certificate with these constraints: permitted;IP.1=10.9.0.0/255.255.0.0 permitted;IP.2=10.48.0.0/255.255.0.0 permitted;IP.3=10.148.0.0/255.255.0.0 permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff:: Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> |
||
|---|---|---|
| .. | ||
| .cvsignore | ||
| ext_dat.h | ||
| Makefile | ||
| pcy_cache.c | ||
| pcy_data.c | ||
| pcy_int.h | ||
| pcy_lib.c | ||
| pcy_map.c | ||
| pcy_node.c | ||
| pcy_tree.c | ||
| tabtest.c | ||
| v3_addr.c | ||
| v3_akey.c | ||
| v3_akeya.c | ||
| v3_alt.c | ||
| v3_asid.c | ||
| v3_bcons.c | ||
| v3_bitst.c | ||
| v3_conf.c | ||
| v3_cpols.c | ||
| v3_crld.c | ||
| v3_enum.c | ||
| v3_extku.c | ||
| v3_genn.c | ||
| v3_ia5.c | ||
| v3_info.c | ||
| v3_int.c | ||
| v3_lib.c | ||
| v3_ncons.c | ||
| v3_ocsp.c | ||
| v3_pci.c | ||
| v3_pcia.c | ||
| v3_pcons.c | ||
| v3_pku.c | ||
| v3_pmaps.c | ||
| v3_prn.c | ||
| v3_purp.c | ||
| v3_scts.c | ||
| v3_skey.c | ||
| v3_sxnet.c | ||
| v3_utl.c | ||
| v3conf.c | ||
| v3err.c | ||
| v3nametest.c | ||
| v3prin.c | ||
| x509v3.h | ||