Allow setting a non-critical name-constraints extension.

diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 514d69f540ff3454344703ab619cfcc8cfa69eec..a5204d6779eaf59143f6ee81964ec92f5b9deba9 100644 (file)
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -251,7 +251,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
                                              gnutls_x509_subject_alt_name_t type,
                                              const gnutls_datum_t * name);
 int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt, 
-                                        gnutls_x509_name_constraints_t nc);
+                                        gnutls_x509_name_constraints_t nc,
+                                        unsigned int critical);
 int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc,
                                     unsigned idx,
                                     unsigned *type, gnutls_datum_t * name);

diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index f25a61851ff690485d9407cb73f18f3a5197d2ab..6dc7ab7b388d2104255cccc659fe6424cad9bc48 100644 (file)
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -339,6 +339,7 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
  * gnutls_x509_crt_set_name_constraints:
  * @crt: The certificate structure
  * @nc: The nameconstraints structure
+ * @critical: whether this extension will be critical
  *
  * This function will set the provided name constraints to
  * the certificate extension list. This extension is always
@@ -349,7 +350,8 @@ int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc,
  * Since: 3.3.0
  **/
 int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt, 
-                                        gnutls_x509_name_constraints_t nc)
+                                        gnutls_x509_name_constraints_t nc,
+                                        unsigned int critical)
 {
 int ret, result;
 gnutls_datum_t der_data;
@@ -447,7 +449,7 @@ struct name_constraints_node_st * tmp;
        }
 
        ret =
-           _gnutls_x509_crt_set_extension(crt, "2.5.29.30", &der_data, 1);
+           _gnutls_x509_crt_set_extension(crt, "2.5.29.30", &der_data, critical);
 
        _gnutls_free_datum(&der_data);