From: tb <tb@openbsd.org>
Date: Wed, 24 Nov 2021 19:22:14 +0000 (+0000)
Subject: Add certificate transparency methods to the standard extensions.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6a95fe1bc24a73e31d58d580f98040b2d316f164;p=openbsd

Add certificate transparency methods to the standard extensions.

This way, CT extensions in certs will be parsed by the new CT code
when they are encountered. This gets rid of a lot of gibberish when
looking at a cert with 'openssl x509 -text -noout -in server.pem'

ok beck jsing
---

diff --git a/lib/libcrypto/x509/ext_dat.h b/lib/libcrypto/x509/ext_dat.h
index 18d60b761d3..59815c95a60 100644
--- a/lib/libcrypto/x509/ext_dat.h
+++ b/lib/libcrypto/x509/ext_dat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ext_dat.h,v 1.3 2021/09/02 21:27:26 job Exp $ */
+/* $OpenBSD: ext_dat.h,v 1.4 2021/11/24 19:22:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -73,6 +73,7 @@ extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
 extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
 extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
 
 /* This table will be searched using OBJ_bsearch so it *must* kept in
  * order of the ext_nid values.
@@ -129,6 +130,11 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 	&v3_idp,
 	&v3_alt[2],
 	&v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+	&v3_ct_scts[0],
+	&v3_ct_scts[1],
+	&v3_ct_scts[2],
+#endif
 };
 
 /* Number of standard extensions */