From 6a95fe1bc24a73e31d58d580f98040b2d316f164 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 24 Nov 2021 19:22:14 +0000 Subject: [PATCH] Add certificate transparency methods to the standard extensions. This way, CT extensions in certs will be parsed by the new CT code when they are encountered. This gets rid of a lot of gibberish when looking at a cert with 'openssl x509 -text -noout -in server.pem' ok beck jsing --- lib/libcrypto/x509/ext_dat.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/libcrypto/x509/ext_dat.h b/lib/libcrypto/x509/ext_dat.h index 18d60b761d3..59815c95a60 100644 --- a/lib/libcrypto/x509/ext_dat.h +++ b/lib/libcrypto/x509/ext_dat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ext_dat.h,v 1.3 2021/09/02 21:27:26 job Exp $ */ +/* $OpenBSD: ext_dat.h,v 1.4 2021/11/24 19:22:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -73,6 +73,7 @@ extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; extern const X509V3_EXT_METHOD v3_addr, v3_asid; +extern const X509V3_EXT_METHOD v3_ct_scts[3]; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -129,6 +130,11 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, +#ifndef OPENSSL_NO_CT + &v3_ct_scts[0], + &v3_ct_scts[1], + &v3_ct_scts[2], +#endif }; /* Number of standard extensions */ -- 2.20.1