openssl/test/certs/badalt6-cert.pem
Viktor Dukhovni d02d80b2e8 Limit scope of CN name constraints
Don't apply DNS name constraints to the subject CN when there's a
least one DNS-ID subjectAlternativeName.

Don't apply DNS name constraints to subject CN's that are sufficiently
unlike DNS names.  Checked name must have at least two labels, with
all labels non-empty, no trailing '.' and all hyphens must be
internal in each label.  In addition to the usual LDH characters,
we also allow "_", since some sites use these for hostnames despite
all the standards.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2018-05-23 11:12:13 -04:00

21 lines
1.2 KiB
Text

-----BEGIN CERTIFICATE-----
MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
IE5DIENBIDEwIBcNMTgwNTE2MDMyNjMyWhgPMjExODA1MTcwMzI2MzJaMGkxIjAg
BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy
Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v
ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl46xhstHmmYhp
XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ
E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP
DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc
qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg
gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2
KRL2Le8jAgMBAAGjezB5MB0GA1UdDgQWBBRJJljvheyfKr9neNplhIMIFx25QjAf
BgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAAMCwGA1Ud
EQQlMCOBDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG
9w0BAQsFAAOCAQEAPfRFkpkTsPlH54n/i3kxR8Hw17kUOV0/v39fnNzV+PXS/IIU
9OFfP7qNeuoWVQKXCwNWGWYXb7O0LNJMJQWWtyXtzWH3rOSxdSRIrTsCVHA41Lbo
te2nrfnGMtg6em51Do6Kk0JM304sVAWl5OY/eckBmuDgN/5WfZudOLd8Ohv8vZ6U
ZNoSBNpu1x5gfEPywMUGAgbkNZVpzNAfulx3/D2kWk0qwEKqnphUyaXiTVqO49gr
n1LwSVdqBcmapBmEO3puV4TBWFwM49iMMNGn0fp/JBVsLjt+q7TK96qGBo/BSEL+
e2TXTNpdkn3l+ZK2FYdf7s8fytoe+6o92dN+fA==
-----END CERTIFICATE-----