Diffstat (limited to 'src/lib/libcrypto/x509/x509_constraints.c')
-rw-r--r--src/lib/libcrypto/x509/x509_constraints.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 1b79383de0..346cab0a40 100644
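--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.30 2022/11/28 07:22:15 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.31 2022/12/26 07:18:53 jmc Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -192,7 +192,7 @@ x509_constraints_names_dup(struct x509_constraints_names *names)
  * 5890 compliant A-labels (see RFC 6066 section 3). This is more
  * permissive to allow for a leading '.' for a subdomain based
  * constraint, as well as allowing for '_' which is commonly accepted
- * by nonconformant DNS implementaitons.
+ * by nonconformant DNS implementations.
  *
  * if "wildcards" is set it allows '*' to occur in the string at the end of a
  * component.
@@ -587,7 +587,7 @@ x509_constraints_sandns(char *sandns, size_t dlen, char *constraint, size_t len)
  * returns 1 if the domain and constraint match.
  * returns 0 otherwise.
  *
- * an empty constraint matches everyting.
+ * an empty constraint matches everything.
  * constraint will be matched against the domain as a suffix if it
  * starts with a '.'.
  * domain will be matched against the constraint as a suffix if it
@@ -651,10 +651,10 @@ x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint,
 }
 
 /*
- * Verify a validated address of size alen with a validated contraint
+ * Verify a validated address of size alen with a validated constraint
  * of size constraint_len. returns 1 if matching, 0 if not.
  * Addresses are assumed to be pre-validated for a length of 4 and 8
- * respectively for ipv4 addreses and constraints, and a length of
+ * respectively for ipv4 addresses and constraints, and a length of
  * 16 and 32 respectively for ipv6 address constraints by the caller.
  */
 int
@@ -909,7 +909,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
  vname = NULL;
  }
  /*
- * Include the CN as a hostname to be checked againt
+ * Include the CN as a hostname to be checked against
  * name constraints if it looks like a hostname.
  */
  while (include_cn &&
@@ -1210,7 +1210,7 @@ x509_constraints_check(struct x509_constraints_names *names,
 /*
  * Walk a validated chain of X509 certs, starting at the leaf, and
  * validate the name constraints in the chain. Intended for use with
- * the legacy X509 validtion code in x509_vfy.c
+ * the legacy X509 validation code in x509_vfy.c
  *
  * returns 1 if the constraints are ok, 0 otherwise, setting error and
  * depth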