]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ede96fe)
openssl: Add support for IP address nameConstraints
authorTobias Brunner <tobias@strongswan.org>
Wed, 18 Oct 2023 16:27:07 +0000 (18:27 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 13 Nov 2023 11:23:33 +0000 (12:23 +0100)
src/libstrongswan/plugins/openssl/openssl_x509.c patch | blob | blame | history

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index f7bef0d0317fec199db037c0c276f2ab1650afe5..db227c54857140690b48f763e3da12240326ab44 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -224,10 +224,20 @@ static identification_t *general_name2id(GENERAL_NAME *name)
                        {
                                return identification_create_from_encoding(ID_IPV4_ADDR, chunk);
                        }
+                       if (chunk.len == 8)
+                       {
+                               return identification_create_from_encoding(ID_IPV4_ADDR_SUBNET,
+                                                                                                                  chunk);
+                       }
                        if (chunk.len == 16)
                        {
                                return identification_create_from_encoding(ID_IPV6_ADDR, chunk);
                        }
+                       if (chunk.len == 32)
+                       {
+                               return identification_create_from_encoding(ID_IPV6_ADDR_SUBNET,
+                                                                                                                  chunk);
+                       }
                        return NULL;
                }
                case GEN_DIRNAME :
Unnamed repository; edit this file 'description' to name the repository.