artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 736ebdd) | patch
Validate Subject Alternate Names when they are being added to certificates.
authorbeck <beck@openbsd.org>
Tue, 26 Oct 2021 09:09:53 +0000 (09:09 +0000)
committerbeck <beck@openbsd.org>
Tue, 26 Oct 2021 09:09:53 +0000 (09:09 +0000)
commitecede11ebf80d5b949654dc4694e771ed95f2abd
treef31935f44745828388c46ff3302ce2f4b83c7bfdtree | snapshot
parent736ebdd8c99cae173ee8f501cd59086b6462eb3bcommit | diff
Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@
lib/libcrypto/x509/x509_alt.c diff | blob | history
lib/libcrypto/x509/x509_constraints.c diff | blob | history
lib/libcrypto/x509/x509_internal.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim