authorbeck <>2021-10-26 09:09:53 +0000
committerbeck <>2021-10-26 09:09:53 +0000
commit114b306ace8b6d5ccf69c334419f3f4327c94656 (patch)
tree1ffab474bea99fad4d76253c4288a7854a26df0c /src/lib/libcrypto/x509/x509_internal.h
parent9f7bd15e5bde128cad352596dde1ad5d97d364be (diff)
Validate Subject Alternate Names when they are being added to certificates.
With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@
Diffstat (limited to 'src/lib/libcrypto/x509/x509_internal.h')
-rw-r--r--src/lib/libcrypto/x509/x509_internal.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index 8891aecb13..90fafccae0 100644
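--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.12 2021/09/03 08:58:53 beck Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.13 2021/10/26 09:09:53 beck Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -106,6 +106,8 @@ struct x509_constraints_names *x509_constraints_names_dup(
  struct x509_constraints_names *names);
 void x509_constraints_names_clear(struct x509_constraints_names *names);
 struct x509_constraints_names *x509_constraints_names_new(size_t names_max);
+int x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes,
+ size_t *len);
 void x509_constraints_names_free(struct x509_constraints_names *names);
 int x509_constraints_valid_host(uint8_t *name, size_t len);
 int x509_constraints_valid_sandns(uint8_t *name, size_t len);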
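Review bot: The prototype added at new lines 109-110, `x509_constraints_general_to_bytes`, is exposed through this header with no comment on its contract: nothing here says what the `int` return encodes, or whether `*bytes` is borrowed from `name` or allocated for the caller. That matters for the SAN validation described in the commit message, because a caller that frees a borrowed pointer, or treats the buffer as a NUL-terminated string instead of using `*len`, would mishandle names with embedded NUL bytes. If the implementation (not visible in this section) returns the name type and hands back a pointer into `name`, a comment such as `/* Returns the GENERAL_NAME type, 0 if unsupported; *bytes points into name (do not free), is *len bytes long and is not NUL-terminated. */` above the declaration would make that explicit. Please confirm the wording against the definition before adding it.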