Allow IP addresses to be specified in a URI.

Our checking here was a bit too aggressive, and did not permit an IP address in a URI. IP's in a URI are allowed for things like CRLdp's AIA, SAN URI's etc.). The check for this was also slightly flawed as we would permit an IP if memory allocation failed while checking for an IP. Correct both issues. ok tb@
author: beck <> 2023-09-29 15:53:59 +0000
committer: beck <> 2023-09-29 15:53:59 +0000
commit: 80b641926ef387afe18b1bf1d78decf21db0f607 (patch)
tree: 9289b67644f1ef47e15e9b80e3105d2ff11da1d2 /src/lib/libcrypto/x509/x509_internal.h
parent: dd01ca8fa5d2ff1045b2df7c0d9e0460a5727bb0 (diff)
download: openbsd-80b641926ef387afe18b1bf1d78decf21db0f607.tar.gz
openbsd-80b641926ef387afe18b1bf1d78decf21db0f607.tar.bz2
openbsd-80b641926ef387afe18b1bf1d78decf21db0f607.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index c4222bcfe5..15efff6097 100644
--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.25 2023/01/28 19:08:09 tb Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.26 2023/09/29 15:53:59 beck Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -111,7 +111,7 @@ struct x509_constraints_names *x509_constraints_names_new(size_t names_max);
 int x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes,
    size_t *len);
 void x509_constraints_names_free(struct x509_constraints_names *names);
-int x509_constraints_valid_host(CBS *cbs);
+int x509_constraints_valid_host(CBS *cbs, int permit_ip);
 int x509_constraints_valid_sandns(CBS *cbs);
 int x509_constraints_domain(char *domain, size_t dlen, char *constraint,
    size_t len);
author	beck <>	2023-09-29 15:53:59 +0000
committer	beck <>	2023-09-29 15:53:59 +0000
commit	80b641926ef387afe18b1bf1d78decf21db0f607 (patch)
tree	9289b67644f1ef47e15e9b80e3105d2ff11da1d2 /src/lib/libcrypto/x509/x509_internal.h
parent	dd01ca8fa5d2ff1045b2df7c0d9e0460a5727bb0 (diff)
download	openbsd-80b641926ef387afe18b1bf1d78decf21db0f607.tar.gz openbsd-80b641926ef387afe18b1bf1d78decf21db0f607.tar.bz2 openbsd-80b641926ef387afe18b1bf1d78decf21db0f607.zip

diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h index c4222bcfe5..15efff6097 100644 --- a/src/lib/libcrypto/x509/x509_internal.h +++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_internal.h,v 1.25 2023/01/28 19:08:09 tb Exp $ */	1	/* $OpenBSD: x509_internal.h,v 1.26 2023/09/29 15:53:59 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -111,7 +111,7 @@ struct x509_constraints_names *x509_constraints_names_new(size_t names_max);
111	int x509_constraints_general_to_bytes(GENERAL_NAME name, uint8_t *bytes,	111	int x509_constraints_general_to_bytes(GENERAL_NAME name, uint8_t *bytes,
112	size_t *len);	112	size_t *len);
113	void x509_constraints_names_free(struct x509_constraints_names *names);	113	void x509_constraints_names_free(struct x509_constraints_names *names);
114	int x509_constraints_valid_host(CBS *cbs);	114	int x509_constraints_valid_host(CBS *cbs, int permit_ip);
115	int x509_constraints_valid_sandns(CBS *cbs);	115	int x509_constraints_valid_sandns(CBS *cbs);
116	int x509_constraints_domain(char domain, size_t dlen, char constraint,	116	int x509_constraints_domain(char domain, size_t dlen, char constraint,
117	size_t len);	117	size_t len);