extern const X509V3_EXT_METHOD ossl_v3_single_use;
extern const X509V3_EXT_METHOD ossl_v3_indirect_issuer;
extern const X509V3_EXT_METHOD ossl_v3_targeting_information;
+extern const X509V3_EXT_METHOD ossl_v3_holder_name_constraints;
+extern const X509V3_EXT_METHOD ossl_v3_delegated_name_constraints;
&ossl_v3_issuer_sign_tool,
&ossl_v3_tls_feature,
&ossl_v3_ext_admission,
+ &ossl_v3_delegated_name_constraints,
&ossl_v3_soa_identifier,
&ossl_v3_indirect_issuer,
&ossl_v3_no_assertion,
&ossl_v3_single_use,
- &ossl_v3_group_ac
+ &ossl_v3_group_ac,
+ &ossl_v3_holder_name_constraints,
};
/* Number of standard extensions */
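Review bot: The slots chosen for `&ossl_v3_delegated_name_constraints` (between ext_admission and soa_identifier) and `&ossl_v3_holder_name_constraints` (after group_ac) are only correct if their NIDs sort numerically at exactly those positions. The array's declaration and the NID values are outside this hunk, so the diff alone cannot confirm that. In OpenSSL this table is looked up by binary search on `ext_nid`, so a misplaced entry does not fail at build time; the lookup simply misses and the extension is handled as unknown. Please confirm the order against the generated NID values, or by running the project's ordering test for this table, and note in the commit message that this was done.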
NULL
};
+const X509V3_EXT_METHOD ossl_v3_holder_name_constraints = {
+ NID_holder_name_constraints, 0,
+ ASN1_ITEM_ref(NAME_CONSTRAINTS),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, v2i_NAME_CONSTRAINTS,
+ i2r_NAME_CONSTRAINTS, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD ossl_v3_delegated_name_constraints = {
+ NID_delegated_name_constraints, 0,
+ ASN1_ITEM_ref(NAME_CONSTRAINTS),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, v2i_NAME_CONSTRAINTS,
+ i2r_NAME_CONSTRAINTS, 0,
+ NULL
+};
+
ASN1_SEQUENCE(GENERAL_SUBTREE) = {
ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
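Review bot: Both new method definitions need a comment stating that they add decode, config and print support only. They wire up `ASN1_ITEM_ref(NAME_CONSTRAINTS)`, `v2i_NAME_CONSTRAINTS` and `i2r_NAME_CONSTRAINTS`, and nothing in this hunk applies the permitted or excluded subtrees to any name. A reader who sees a name-constraints method registered may assume the constraint is enforced during verification, which would be a wrong trust assumption for holder and delegation names. Suggested comment above each definition: `/* Parse/print support only: these subtrees are not checked during certificate verification. */`. If enforcement lives elsewhere in the commit it is not visible here, and the comment should point to it instead.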
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
setup("test_x509");
-plan tests => 60;
+plan tests => 66;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
"Digest Type: Public Key",
1, 'X.509 Targeting Information Object Digest Type');
+my $hnc_cert = srctop_file(@certs, "ext-holderNameConstraints.pem");
+cert_contains($hnc_cert,
+ "X509v3 Holder Name Constraints",
+ 1, 'X.509 Holder Name Constraints');
+cert_contains($hnc_cert,
+ "Permitted:",
+ 1, 'X.509 Holder Name Constraints Permitted');
+cert_contains($hnc_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Holder Name Constraint');
+
+my $dnc_cert = srctop_file(@certs, "ext-delegatedNameConstraints.pem");
+cert_contains($dnc_cert,
+ "X509v3 Delegated Name Constraints",
+ 1, 'X.509 Delegated Name Constraints');
+cert_contains($dnc_cert,
+ "Permitted:",
+ 1, 'X.509 Delegated Name Constraints Permitted');
+cert_contains($dnc_cert,
+ "DirName:CN = Wildboar",
+ 1, 'X.509 Delegated Name Constraint');
+
sub test_errors { # actually tests diagnostics of OSSL_STORE
my ($expected, $cert, @opts) = @_;
my $infile = srctop_file(@certs, $cert);
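Review bot: The six new `cert_contains` checks cover only the print path for a fixture with a permitted DirName, so `v2i_NAME_CONSTRAINTS`, which this commit also registers for both extensions, is never exercised, and neither is an excluded subtree. The `"Permitted:"` match is also generic output of the shared printer and would pass for an ordinary name-constraints extension, so it only proves something if the fixture carries no other such extension. Consider adding a case that builds a certificate from a config section using the new extension names and checks the printed `Excluded:` line as well. The third label in each group differs from the first by one letter; something like `'X.509 Holder Name Constraints DirName'` makes a failure easier to place. `test_errors` continues outside the hunk.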