From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Tue, 18 Feb 2014 06:36:47 +0000 (+0100)
Subject: Allow setting a non-critical name-constraints extension.
X-Git-Tag: gnutls_3_3_0pre0~169
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ecb73d2e540f61bbfe19b6acb8a6a37deea1f7d;p=thirdparty%2Fgnutls.git

Allow setting a non-critical name-constraints extension.
---

diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 514d69f540..a5204d6779 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -251,7 +251,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
 					      gnutls_x509_subject_alt_name_t type,
 					      const gnutls_datum_t * name);
 int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt, 
-					 gnutls_x509_name_constraints_t nc);
+					 gnutls_x509_name_constraints_t nc,
+					 unsigned int critical);
 int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc,
 				     unsigned idx,
 				     unsigned *type, gnutls_datum_t * name);
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index f25a61851f..6dc7ab7b38 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -339,6 +339,7 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
  * gnutls_x509_crt_set_name_constraints:
  * @crt: The certificate structure
  * @nc: The nameconstraints structure
+ * @critical: whether this extension will be critical
  *
  * This function will set the provided name constraints to
  * the certificate extension list. This extension is always
@@ -349,7 +350,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
  * Since: 3.3.0
  **/
 int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt, 
-					 gnutls_x509_name_constraints_t nc)
+					 gnutls_x509_name_constraints_t nc,
+					 unsigned int critical)
 {
 int ret, result;
 gnutls_datum_t der_data;
@@ -447,7 +449,7 @@ struct name_constraints_node_st * tmp;
 	}
 
 	ret =
-	    _gnutls_x509_crt_set_extension(crt, "2.5.29.30", &der_data, 1);
+	    _gnutls_x509_crt_set_extension(crt, "2.5.29.30", &der_data, critical);
 
 	_gnutls_free_datum(&der_data);