Luiz Angelo Daros de Luca
dd36fce023
OpenSSL is able to generate a certificate with name constraints with any possible ...
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:
nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
However, until now, the verify code for IP name contraints did not exist. Any
check with a IP Address Name Constraint results in a "unsupported name constraint
type" error.
This patch implements support for IP Address Name Constraint (v4 and v6). This code
validaded correcly certificates with multiple IPv4/IPv6 address checking against
a CA certificate with these constraints:
permitted;IP.1=10.9.0.0/255.255.0.0
permitted;IP.2=10.48.0.0/255.255.0.0
permitted;IP.3=10.148.0.0/255.255.0.0
permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2014-05-23 23:05:38 +01:00
2014-05-23 20:15:06 +02:00
2014-04-01 16:37:51 +01:00
2011-01-26 16:08:08 +00:00
2014-05-12 00:20:08 +01:00
2014-05-06 17:43:35 -04:00
2014-05-22 10:13:22 +01:00
2013-01-22 22:27:28 +01:00
2011-01-26 16:08:08 +00:00
2014-03-28 14:49:04 +00:00
2014-05-09 14:24:54 +01:00
2011-02-03 12:03:51 +00:00
2012-10-22 13:05:54 +00:00
2014-03-07 10:30:37 +01:00
2014-03-28 14:49:04 +00:00
2014-03-28 14:49:04 +00:00
2014-05-19 22:10:14 +01:00
2014-05-04 00:46:20 +01:00
2014-02-19 20:09:08 +00:00
2014-02-19 20:09:08 +00:00
2014-02-19 20:09:08 +00:00
2013-09-05 21:39:42 +01:00
2014-05-06 17:52:19 -04:00
2014-03-28 14:49:04 +00:00
2011-01-26 16:08:08 +00:00
2011-01-26 16:08:08 +00:00
2011-01-26 16:08:08 +00:00
2011-01-26 16:08:08 +00:00
2011-01-26 16:08:08 +00:00
2013-01-13 21:04:39 +00:00
2014-05-04 16:56:00 +02:00
2011-02-21 17:51:59 +00:00
2014-05-04 16:38:32 +02:00
2014-02-26 15:33:11 +00:00
2014-04-01 16:37:51 +01:00
2014-02-13 03:11:58 +00:00
2014-05-12 10:35:29 +02:00
2014-05-07 23:21:02 +01:00
2014-05-21 11:28:58 +01:00
2011-01-26 16:08:08 +00:00
2014-04-09 15:35:51 +01:00
2013-09-05 21:39:42 +01:00
2014-05-04 16:39:59 +02:00
2012-11-28 13:05:13 +00:00
2013-09-05 21:39:42 +01:00
2014-03-28 14:49:04 +00:00
2012-02-26 21:52:43 +00:00
2014-05-04 16:38:32 +02:00
2014-05-06 00:02:31 +01:00
2013-07-17 21:45:00 +01:00
2011-01-26 16:08:08 +00:00
2009-05-15 16:36:56 +00:00
2014-04-22 16:58:43 +01:00
2011-01-26 16:08:08 +00:00
2012-02-11 23:41:19 +00:00
2013-01-22 22:27:28 +01:00
2014-05-21 11:31:28 +01:00
2014-05-23 23:05:38 +01:00
2008-04-17 10:19:16 +00:00
2011-08-12 12:28:52 +00:00
2014-05-04 10:55:49 +02:00
2014-05-04 10:55:49 +02:00
2014-05-04 10:55:49 +02:00
2014-05-04 16:38:32 +02:00
2011-05-19 18:09:02 +00:00
2014-02-25 13:40:33 +00:00
2011-06-23 09:46:27 +00:00
2014-02-20 18:48:56 +00:00
2014-02-19 18:02:04 +00:00
2004-04-19 18:09:28 +00:00
2003-10-29 22:25:04 +00:00
2000-02-01 02:21:16 +00:00
2008-07-04 23:12:52 +00:00
2011-10-22 17:24:27 +00:00
2011-02-03 16:16:30 +00:00
2011-05-07 20:36:05 +00:00
2011-03-19 10:58:14 +00:00
2011-02-14 17:05:42 +00:00
2004-07-10 13:16:02 +00:00
2004-09-23 22:11:39 +00:00
2011-03-19 10:58:14 +00:00
2004-09-23 22:11:39 +00:00
2006-10-23 07:41:05 +00:00
2004-09-23 22:11:39 +00:00
2014-02-19 20:09:08 +00:00
2013-10-13 19:15:15 +02:00
2007-06-23 18:47:51 +00:00
2009-04-20 11:33:12 +00:00
2012-06-03 22:00:21 +00:00
2004-07-10 13:16:02 +00:00
2004-08-03 19:15:21 +00:00
2004-07-10 13:16:02 +00:00
2011-05-19 18:09:02 +00:00
2012-07-01 22:25:04 +00:00
2013-01-19 21:23:13 +01:00
2005-09-20 20:19:07 +00:00
2014-02-19 18:02:04 +00:00
2005-12-16 10:37:24 +00:00
2009-03-31 10:38:37 +00:00
2013-08-05 15:45:01 +01:00
2013-06-18 10:37:00 +02:00
2013-11-27 22:50:00 +01:00
2013-10-15 00:14:39 +02:00
2010-09-18 08:46:53 +00:00
2011-04-17 12:46:00 +00:00
2012-11-17 10:34:11 +00:00
2013-02-11 10:39:50 +01:00
2013-12-28 13:31:14 +01:00
2013-09-06 13:59:13 +01:00
2012-09-17 17:21:58 +00:00
2003-11-28 13:10:58 +00:00
2011-03-19 10:58:14 +00:00
2014-02-14 17:24:12 +01:00
2014-02-14 17:24:12 +01:00
dd36fce023