From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 19 Feb 2014 14:25:08 +0000 (+0100)
Subject: allow ip address as constraint
X-Git-Tag: gnutls_3_3_0pre0~132
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6fa3371b2311c0d48f80aa7a1ff4e2db96bdaf35;p=thirdparty%2Fgnutls.git

allow ip address as constraint
---

diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index d7f59cb9eb..96ce8201c6 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -75,8 +75,9 @@ static int extract_name_constraints(ASN1_TYPE c2, const char *vstr,
 			break;
 		}
 
-		if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME
-		    && type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI) {
+		if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
+		    type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI &&
+		    type != GNUTLS_SAN_IPADDRESS) {
 			gnutls_assert();
 			ret = GNUTLS_E_ILLEGAL_PARAMETER;
 			goto cleanup;
@@ -262,7 +263,7 @@ int name_constraints_add(gnutls_x509_name_constraints_t nc,
 	int ret;
 
 	if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
-		type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI)
+		type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI && type != GNUTLS_SAN_IPADDRESS)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
 	if (type == GNUTLS_SAN_DNSNAME && name->size > 0 && name->data[0] == '.') {