allow ip address as constraint

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Wed, 19 Feb 2014 14:25:08 +0000 (15:25 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Wed, 19 Feb 2014 14:25:08 +0000 (15:25 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 19 Feb 2014 14:25:08 +0000 (15:25 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 19 Feb 2014 14:25:08 +0000 (15:25 +0100)
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c

index d7f59cb9eb977f6f1742acf32522c821bc437b68..96ce8201c678309ec7ce6980cb9d28d715c50d7b 100644 (file)
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -75,8 +75,9 @@ static int extract_name_constraints(ASN1_TYPE c2, const char *vstr,
                         break;
                 }
  
-               if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME
-                   && type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI) {
+               if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
+                   type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI &&
+                   type != GNUTLS_SAN_IPADDRESS) {
                         gnutls_assert();
                         ret = GNUTLS_E_ILLEGAL_PARAMETER;
                         goto cleanup;
@@ -262,7 +263,7 @@ int name_constraints_add(gnutls_x509_name_constraints_t nc,
         int ret;
  
         if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
-               type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI)
+               type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI && type != GNUTLS_SAN_IPADDRESS)
                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
  
         if (type == GNUTLS_SAN_DNSNAME && name->size > 0 && name->data[0] == '.') {
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Wed, 19 Feb 2014 14:25:08 +0000 (15:25 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Wed, 19 Feb 2014 14:25:08 +0000 (15:25 +0100)