openssl

History

Luiz Angelo Daros de Luca dd36fce023 OpenSSL is able to generate a certificate with name constraints with any possible subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP as an example: nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 However, until now, the verify code for IP name contraints did not exist. Any check with a IP Address Name Constraint results in a "unsupported name constraint type" error. This patch implements support for IP Address Name Constraint (v4 and v6). This code validaded correcly certificates with multiple IPv4/IPv6 address checking against a CA certificate with these constraints: permitted;IP.1=10.9.0.0/255.255.0.0 permitted;IP.2=10.48.0.0/255.255.0.0 permitted;IP.3=10.148.0.0/255.255.0.0 permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff:: Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>		2014-05-23 23:05:38 +01:00
..
.cvsignore	Add emacs cache files to .cvsignore.	2005-04-11 14:17:07 +00:00
ext_dat.h	Move CT viewer extension code to crypto/x509v3	2014-02-20 18:48:56 +00:00
Makefile	make depend	2014-04-25 14:31:05 -04:00
pcy_cache.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
pcy_data.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
pcy_int.h	Update obsolete email address...	2008-11-05 18:39:08 +00:00
pcy_lib.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
pcy_map.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
pcy_node.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
pcy_tree.c	misspellings fixes by https://github.com/vlajos/misspell_fixer	2013-09-05 21:39:42 +01:00
tabtest.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_addr.c	Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)	2012-01-04 23:01:54 +00:00
v3_akey.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_akeya.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_alt.c	Missing break.	2009-08-31 22:19:26 +00:00
v3_asid.c	PR: 2696	2012-02-23 21:31:37 +00:00
v3_bcons.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_bitst.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_conf.c	option to replace extensions with new ones: mainly for creating cross-certificates	2010-03-03 20:13:30 +00:00
v3_cpols.c	Updates from 1.0.0-stable.	2009-04-15 15:27:03 +00:00
v3_crld.c	Updates from 1.0.0-stable branch.	2009-04-20 11:33:12 +00:00
v3_enum.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_extku.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_genn.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_ia5.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_info.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_int.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_lib.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_ncons.c	OpenSSL is able to generate a certificate with name constraints with any possible	2014-05-23 23:05:38 +01:00
v3_ocsp.c	PR: 2057	2009-09-30 23:55:53 +00:00
v3_pci.c	PR: 2251	2010-05-22 00:30:41 +00:00
v3_pcia.c	Add functionality needed to process proxy certificates.	2004-12-28 00:21:35 +00:00
v3_pcons.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_pku.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_pmaps.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_prn.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_purp.c	Extension checking fixes.	2014-04-15 18:50:53 +01:00
v3_scts.c	Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP.	2014-02-25 15:06:51 +00:00
v3_skey.c	Audit libcrypto for unchecked return values: fix all cases enountered	2009-09-23 23:43:49 +00:00
v3_sxnet.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3_utl.c	Fixes to host checking.	2014-05-21 11:31:28 +01:00
v3conf.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
v3err.c	Updates from 1.0.0-stable branch.	2009-04-20 11:33:12 +00:00
v3nametest.c	Fixes to host checking.	2014-05-21 11:31:28 +01:00
v3prin.c	Update obsolete email address...	2008-11-05 18:39:08 +00:00
x509v3.h	Fixes to host checking.	2014-05-21 11:31:28 +01:00