Thanks Matt.
Em 23/05/2014 19:36, Matt Caswell via RT r...@openssl.org escreveu:
Hi Luiz
Thanks for the patch. I've reviewed it and it looks good. With regards to
your
comments around X509_V_ERR_PERMITTED_VIOLATION vs
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.
Thanks Matt.
Em 23/05/2014 19:36, Matt Caswell via RT r...@openssl.org escreveu:
Hi Luiz
Thanks for the patch. I've reviewed it and it looks good. With regards to
your
comments around X509_V_ERR_PERMITTED_VIOLATION vs
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.
Hi Luiz
Thanks for the patch. I've reviewed it and it looks good. With regards to your
comments around X509_V_ERR_PERMITTED_VIOLATION vs
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.
Therefore:
Hello,
As this is my first opessl patch, I might have missed something.
This patch is important for those who wants to use name constraints in a CA.
Using name constraints for DNS prevents the use of an ip address in DNS
subjAltName.
The subjAltName using ipAddress solves the problem, but it was
Hello,
As this is my first opessl patch, I might have missed something.
This patch is important for those who wants to use name constraints in a CA.
Using name constraints for DNS prevents the use of an ip address in DNS
subjAltName.
The subjAltName using ipAddress solves the problem, but it was
From: Luiz Angelo Daros de Luca luizl...@tre-sc.gov.br
OpenSSL is able to generate a certificate with name constraints with any
possible
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:
nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
