]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4e9b542) | patch
x509: allow SAN URIs to contain userinfo
authorIvan Stanković <ivan.stankovic@wire.com>
Tue, 4 Mar 2025 16:30:34 +0000 (17:30 +0100)
committerDr. David von Oheimb <dev@ddvo.net>
Tue, 4 Mar 2025 16:30:34 +0000 (17:30 +0100)
commite599893a9fec932701ca824d73a794a0c9ce02e9
treef71c56cd38211cf27cd04bf6f197bd6a75217fa0tree
parent4e9b542868890428f0294a4ce53fcde68c1fcaf7commit | diff
x509: allow SAN URIs to contain userinfo

The way we're currently handling SAN URIs does not allow for userinfo,
meaning the name constraint check on such URIs will fail. Fix this by
skipping over the userinfo component:

      authority   = [ userinfo "@" ] host [ ":" port ]

(per RFC 3986).

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25861)
Configure diff | blob | blame | history
crypto/http/build.info diff | blob | blame | history
crypto/http/http_lib.c diff | blob | blame | history
crypto/x509/v3_ncons.c diff | blob | blame | history
include/openssl/http.h diff | blob | blame | history
test/certs/nc-uri-cert.pem [new file with mode: 0644] blob
test/certs/ncca4-cert.pem [new file with mode: 0644] blob
test/certs/ncca4-key.pem [new file with mode: 0644] blob
test/certs/setup.sh diff | blob | blame | history
test/recipes/25-test_verify.t diff | blob | blame | history
util/libcrypto.num diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git