From 1c3096fe50b59ae892a14c260d3e287ec87aa36c Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 18 Oct 2023 18:27:07 +0200
Subject: [PATCH] openssl: Add support for IP address nameConstraints

---
 src/libstrongswan/plugins/openssl/openssl_x509.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index f7bef0d031..db227c5485 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -224,10 +224,20 @@ static identification_t *general_name2id(GENERAL_NAME *name)
 			{
 				return identification_create_from_encoding(ID_IPV4_ADDR, chunk);
 			}
+			if (chunk.len == 8)
+			{
+				return identification_create_from_encoding(ID_IPV4_ADDR_SUBNET,
+														   chunk);
+			}
 			if (chunk.len == 16)
 			{
 				return identification_create_from_encoding(ID_IPV6_ADDR, chunk);
 			}
+			if (chunk.len == 32)
+			{
+				return identification_create_from_encoding(ID_IPV6_ADDR_SUBNET,
+														   chunk);
+			}
 			return NULL;
 		}
 		case GEN_DIRNAME :
-- 
2.47.2