Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package Botan for openSUSE:Factory checked
in at 2021-05-11 23:04:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/Botan (Old)
and /work/SRC/openSUSE:Factory/.Botan.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Botan"
Tue May 11 23:04:15 2021 rev:59 rq:892202 version:2.18.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/Botan/Botan.changes 2021-04-21
21:01:09.830368089 +0200
+++ /work/SRC/openSUSE:Factory/.Botan.new.2988/Botan.changes 2021-05-11
23:04:23.136896039 +0200
@@ -1,0 +2,26 @@
+Mon May 10 11:05:35 UTC 2021 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- Botan 2.18.1:
+ * Fix a build regression in 2.18.0 which caused linker flags
+ which contain -l within them (such as -fuse-linker-plugin)
+ to be misinterpreted
+ * Fix a bug which caused decoding a certificate which contained
+ more than one name in a single RDN
+ * Fix a bug which caused OID lookup failures when run in a locale
+ which uses thousands separators (pt_BR was reported as having
+ this issue)
+ * DNS names in name constraints were compared with case
+ sensitivity, which could cause valid certificates to be
+ rejected
+ * X.509 name constraint extensions were rejected if non-critical.
+ RFC 5280 requires conforming CAs issue such extensions as
+ critical, but not all certificates are compliant, and all other
+ known implementations do not require this
+ * X.509 name constraints were incorrectly applied to the
+ certificate which included the constraint
+- build with lzma compression support
+- build with SQLite support
+- build with TPM support
+- fix SLE 12 build
+
+-------------------------------------------------------------------
Old:
----
Botan-2.18.0.tar.xz
Botan-2.18.0.tar.xz.asc
New:
----
Botan-2.18.1.tar.xz
Botan-2.18.1.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ Botan.spec ++++++
--- /var/tmp/diff_new_pack.00rT1r/_old 2021-05-11 23:04:24.048891879 +0200
+++ /var/tmp/diff_new_pack.00rT1r/_new 2021-05-11 23:04:24.048891879 +0200
@@ -16,10 +16,11 @@
#
+%{!?make_build: %define make_build make %{?_smp_mflags}}
%define version_suffix 2-18
%define short_version 2
Name: Botan
-Version: 2.18.0
+Version: 2.18.1
Release: 0
Summary: A C++ Crypto Library
License: BSD-2-Clause
@@ -35,7 +36,10 @@
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: python3
+BuildRequires: trousers-devel
BuildRequires: zlib-devel
+BuildRequires: pkgconfig(liblzma)
+BuildRequires: pkgconfig(sqlite3)
%description
Botan is a C++ library that provides support for many common
@@ -58,6 +62,9 @@
Group: Development/Libraries/C and C++
Requires: libbotan-%{version_suffix} = %{version}
Requires: libbz2-devel
+Requires: trousers-devel
+Requires: pkgconfig(liblzma)
+Requires: pkgconfig(sqlite3)
Provides: Botan-devel = %{version}
Obsoletes: Botan-devel < %{version}
@@ -96,8 +103,11 @@
--includedir=%{_includedir} \
--with-bzip2 \
--with-zlib \
+ --with-lzma \
--with-openssl \
--with-openmp \
+ --with-sqlite \
+ --with-tpm \
%ifarch %{ix86}
--cpu=x86_32
%else
@@ -118,7 +128,7 @@
sed -i '1s@^#!/.*@#!%{_bindir}/python3@'
%{buildroot}%{python3_sitearch}/botan2.py
%check
-make check
+%make_build check
%post -n libbotan-%{version_suffix} -p /sbin/ldconfig
%postun -n libbotan-%{version_suffix} -p /sbin/ldconfig
++++++ Botan-2.18.0.tar.xz -> Botan-2.18.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/configure.py
new/Botan-2.18.1/configure.py
--- old/Botan-2.18.0/configure.py 2021-04-15 07:14:48.000000000 +0200
+++ new/Botan-2.18.1/configure.py 2021-05-09 10:53:01.000000000 +0200
@@ -3017,8 +3017,14 @@
options.fuzzer_lib = 'Fuzzer'
if options.ldflags is not None:
- libs = [m.group(1) for m in re.finditer(r'-l([a-z0-9]+)',
options.ldflags)]
- options.extra_libs += ','.join(libs)
+ extra_libs = []
+ link_to_lib = re.compile('^-l(.*)')
+ for flag in options.ldflags.split(' '):
+ match = link_to_lib.match(flag)
+ if match:
+ extra_libs.append(match.group(1))
+
+ options.extra_libs += ','.join(extra_libs)
# Checks user options for consistency
# This method DOES NOT change options on behalf of the user but explains
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/news.rst new/Botan-2.18.1/news.rst
--- old/Botan-2.18.0/news.rst 2021-04-15 07:14:48.000000000 +0200
+++ new/Botan-2.18.1/news.rst 2021-05-09 10:53:01.000000000 +0200
@@ -1,6 +1,31 @@
Release Notes
========================================
+Version 2.18.1, 2021-05-09
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a build regression in 2.18.0 which caused linker flags which
+ contain ``-l`` within them (such as ``-fuse-linker-plugin``) to
+ be misinterpreted. (GH #2715)
+
+* Fix a bug which caused decoding a certificate which contained
+ more than one name in a single RDN. (GH #2611 #2630 #2724)
+
+* Fix a bug which caused OID lookup failures when run in a locale
+ which uses thousands separators (pt_BR was reported as having
+ this issue). (GH #2732 #2730 #2237)
+
+* DNS names in name constraints were compared with case sensitivity, which
+ could cause valid certificates to be rejected. (GH #2739 #2735)
+
+* X.509 name constraint extensions were rejected if non-critical. RFC 5280
+ requires conforming CAs issue such extensions as critical, but not all
+ certificates are compliant, and all other known implementations do not
+ require this. (GH #2739 #2736)
+
+* X.509 name constraints were incorrectly applied to the certificate which
+ included the constraint. (GH #2739 #2737)
+
Version 2.18.0, 2021-04-15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -27,7 +52,7 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* CVE-2021-24115 Change base64, base58, base32, and hex encoding and
- decoding opearations to run in constant time (GH #2549)
+ decoding operations to run in constant time (GH #2549)
* Fix a build problem on PPC64 building with Clang (GH #2547)
@@ -49,7 +74,7 @@
* Resolve an issue in the modular square root algorithm where a loop
to find a quadratic non-residue could, for a carefully chosen
- composite modulus, not terminte in a timely manner. (GH #2482 #2476)
+ composite modulus, not terminate in a timely manner. (GH #2482 #2476)
* Fix a regression in MinGW builds introduced in 2.17.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/readme.rst new/Botan-2.18.1/readme.rst
--- old/Botan-2.18.0/readme.rst 2021-04-15 07:14:48.000000000 +0200
+++ new/Botan-2.18.1/readme.rst 2021-05-09 10:53:01.000000000 +0200
@@ -27,9 +27,9 @@
<https://botan.randombit.net/security.html>`_ for contact information.
The latest release is
-`2.18.0 <https://botan.randombit.net/releases/Botan-2.18.0.tar.xz>`_
-`(sig) <https://botan.randombit.net/releases/Botan-2.18.0.tar.xz.asc>`_,
-released on 2021-04-15.
+`2.18.1 <https://botan.randombit.net/releases/Botan-2.18.1.tar.xz>`_
+`(sig) <https://botan.randombit.net/releases/Botan-2.18.1.tar.xz.asc>`_,
+released on 2021-05-09.
All releases are signed with a `PGP key
<https://botan.randombit.net/pgpkey.txt>`_.
See the `release notes <https://botan.randombit.net/news.html>`_ for
what is new. Botan is also available through most
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/build-data/version.txt
new/Botan-2.18.1/src/build-data/version.txt
--- old/Botan-2.18.0/src/build-data/version.txt 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/build-data/version.txt 2021-05-09 10:53:01.000000000
+0200
@@ -1,11 +1,11 @@
release_major = 2
release_minor = 18
-release_patch = 0
+release_patch = 1
release_suffix = ''
release_so_abi_rev = 18
# These are set by the distribution script
-release_vc_rev = 'git:21c71f73883820f51d7adce25f6c1f54a243c3a4'
-release_datestamp = 20210415
+release_vc_rev = 'git:d4bd416702a65eddcc14ee06b9c1b674631e6ae3'
+release_datestamp = 20210509
release_type = 'release'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/lib/asn1/asn1_oid.cpp
new/Botan-2.18.1/src/lib/asn1/asn1_oid.cpp
--- old/Botan-2.18.0/src/lib/asn1/asn1_oid.cpp 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/lib/asn1/asn1_oid.cpp 2021-05-09 10:53:01.000000000
+0200
@@ -98,6 +98,7 @@
std::string OID::to_string() const
{
std::ostringstream oss;
+ oss.imbue(std::locale("C"));
for(size_t i = 0; i != m_id.size(); ++i)
{
oss << m_id[i];
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/lib/utils/parsing.cpp
new/Botan-2.18.1/src/lib/utils/parsing.cpp
--- old/Botan-2.18.0/src/lib/utils/parsing.cpp 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/lib/utils/parsing.cpp 2021-05-09 10:53:01.000000000
+0200
@@ -324,8 +324,6 @@
return out;
}
-namespace {
-
std::string tolower_string(const std::string& in)
{
std::string s = in;
@@ -338,8 +336,6 @@
return s;
}
-}
-
bool host_wildcard_match(const std::string& issued_, const std::string& host_)
{
const std::string issued = tolower_string(issued_);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/lib/utils/parsing.h
new/Botan-2.18.1/src/lib/utils/parsing.h
--- old/Botan-2.18.0/src/lib/utils/parsing.h 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/lib/utils/parsing.h 2021-05-09 10:53:01.000000000
+0200
@@ -167,6 +167,8 @@
std::string BOTAN_PUBLIC_API(2,0) clean_ws(const std::string& s);
+std::string tolower_string(const std::string& s);
+
/**
* Check if the given hostname is a match for the specified wildcard
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/lib/x509/name_constraint.cpp
new/Botan-2.18.1/src/lib/x509/name_constraint.cpp
--- old/Botan-2.18.0/src/lib/x509/name_constraint.cpp 2021-04-15
07:14:48.000000000 +0200
+++ new/Botan-2.18.1/src/lib/x509/name_constraint.cpp 2021-05-09
10:53:01.000000000 +0200
@@ -165,17 +165,19 @@
{
if(nam.size() == name().size())
{
- return nam == name();
+ return tolower_string(nam) == tolower_string(name());
}
else if(name().size() > nam.size())
{
+ // The constraint is longer than the issued name: not possibly a match
return false;
}
else // name.size() < nam.size()
{
- std::string constr = name().front() == '.' ? name() : "." + name();
// constr is suffix of nam
- return constr == nam.substr(nam.size() - constr.size(), constr.size());
+ const std::string constr = name().front() == '.' ? name() : "." + name();
+ const std::string substr = nam.substr(nam.size() - constr.size(),
constr.size());
+ return tolower_string(constr) == tolower_string(substr);
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/lib/x509/x509_dn.cpp
new/Botan-2.18.1/src/lib/x509/x509_dn.cpp
--- old/Botan-2.18.0/src/lib/x509/x509_dn.cpp 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/lib/x509/x509_dn.cpp 2021-05-09 10:53:01.000000000
+0200
@@ -291,7 +291,7 @@
rdn.start_cons(SEQUENCE)
.decode(oid)
.decode(str) // TODO support Any
- .end_cons().verify_end("Invalid X509_DN, data follows RDN");
+ .end_cons();
add_attribute(oid, str);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/lib/x509/x509_ext.cpp
new/Botan-2.18.1/src/lib/x509/x509_ext.cpp
--- old/Botan-2.18.0/src/lib/x509/x509_ext.cpp 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/lib/x509/x509_ext.cpp 2021-05-09 10:53:01.000000000
+0200
@@ -657,20 +657,17 @@
{
if(!m_name_constraints.permitted().empty() ||
!m_name_constraints.excluded().empty())
{
- if(!subject.is_CA_cert() ||
!subject.is_critical("X509v3.NameConstraints"))
+ if(!subject.is_CA_cert())
+ {
cert_status.at(pos).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
+ }
const bool issuer_name_constraint_critical =
issuer.is_critical("X509v3.NameConstraints");
- const bool at_self_signed_root = (pos == cert_path.size() - 1);
-
// Check that all subordinate certs pass the name constraint
- for(size_t j = 0; j <= pos; ++j)
+ for(size_t j = 0; j < pos; ++j)
{
- if(pos == j && at_self_signed_root)
- continue;
-
bool permitted = m_name_constraints.permitted().empty();
bool failed = false;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/tests/data/x509/bsi/expected.txt
new/Botan-2.18.1/src/tests/data/x509/bsi/expected.txt
--- old/Botan-2.18.0/src/tests/data/x509/bsi/expected.txt 2021-04-15
07:14:48.000000000 +0200
+++ new/Botan-2.18.1/src/tests/data/x509/bsi/expected.txt 2021-05-09
10:53:01.000000000 +0200
@@ -48,7 +48,7 @@
cert_path_ext_13$Unknown critical extension encountered
cert_path_ext_14$Unknown critical extension encountered
cert_path_ext_15$Certificate does not pass name constraint
-cert_path_ext_16$Certificate does not pass name constraint
+cert_path_ext_16$Verified
#cert_path_ext_17$
cert_path_ext_18$Unknown critical extension encountered
cert_path_ext_19$Unknown critical extension encountered
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Botan-2.18.0/src/tests/data/x509/misc/name_constraint_ci/int.pem
new/Botan-2.18.1/src/tests/data/x509/misc/name_constraint_ci/int.pem
--- old/Botan-2.18.0/src/tests/data/x509/misc/name_constraint_ci/int.pem
1970-01-01 01:00:00.000000000 +0100
+++ new/Botan-2.18.1/src/tests/data/x509/misc/name_constraint_ci/int.pem
2021-05-09 10:53:01.000000000 +0200
@@ -0,0 +1,101 @@
+-----BEGIN CERTIFICATE-----
+MIISZjCCEE6gAwIBAgIQL+DBBkUO02gMUQKcjFQSXTANBgkqhkiG9w0BAQsFADBr
+MQswCQYDVQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMg
+Uy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0
+aW9uIFJvb3QgQ0EwHhcNMTkwNjEzMDc0ODQ3WhcNMjkwNjEyMDc0ODQ3WjCBkDEL
+MAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWExJjAkBgNVBAoMHUFnZW56aWEgcGVy
+IGwnSXRhbGlhIERpZ2l0YWxlMTcwNQYDVQQLDC5BcmVhIFNvbHV6aW9uaSBwZXIg
+bGEgUHViYmxpY2EgQW1taW5pc3RyYXppb25lMREwDwYDVQQDDAhBZ0lEIENBMTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANU2n0Xri8wepI2AarzJVG5E
+9/kQpXhuLbX3sQgN0RjTfhvPB9fwXRrfvar5upsWGvwPuUB2Z3A2jseDa1hbvHee
+fkkfjKT/UkUidqZEKprb176t/zJoNVI7lgRCjjz90ByVjUHIFuwQUHOVMbfHyeBW
+pTQrzYsxnofRKRep3ZESLlhKaln4/8/rSICxnD8KpeTQ41Qn8VYpj0RV0NU0+k9V
+gR9C/K4zX1z4AonMemcRP/8B1XFyjk2LaqUXHt8LBw6Wb+OYO+n9rXKT8pDyr9/z
+d+kSJxxI2gvooye7Xt3xJGqODkpZru3Q3Gb5c8T2UZ2mnKZwOciN4p/5tcOaC1cC
+AwEAAaOCDd4wgg3aMIIL2gYDVR0eBIIL0TCCC82ggguXMA2BC2FnaWQuZ292Lml0
+MBmBF2NlcnQuaW5mb3JtYXRpY2EuYWNpLml0MBGBD2NlcnQuaW50ZXJuby5pdDAM
+gQplbWFyY2hlLml0MBCBDmZhc3R3ZWItcGVjLml0MBWBE2dlc3RvcmVwZWMudW5p
+bmEuaXQwDIEKa21haWxlci5pdDAOgQxsZWdhbG1haWwuaXQwEIEOcGNlcnQuc29n
+ZWkuaXQwEIEOcGVjLmFjdGFsaXMuaXQwEIEOcGVjLmFuY2l0ZWwuaXQwDoEMcGVj
+LmFydWJhLml0MBaBFHBlYy5iYXNpbGljYXRhbmV0Lml0MA+BDXBlYy1lbWFpbC5j
+b20wEoEQcGVjLnBvc3RlY2VydC5pdDAWgRRwZWMucG9zdGVpdGFsaWFuZS5pdDAV
+gRNwZWMucnVwYXIucHVnbGlhLml0MBaBFHBvc3RhY2VydC5jZWRhY3JpLml0MB+B
+HXBvc3RhY2VydGlmaWNhdGEubm90YXJpYXRvLml0MBKBEHBvc3RhY2VydC5pdC5u
+ZXQwDoEMcG9zdGVjZXJ0Lml0MBWBE3NpY3VyZXp6YXBvc3RhbGUuaXQwEIEOdGVs
+ZWNvbXBvc3QuaXQwF4EVdHJ1c3RlZG1haWwuaW50ZXNhLml0MAyBCnR3dGNlcnQu
+aXQwEYEPenVjY2hldHRpcGVjLml0MBCBDmNlcnQuaW50ZXNhLml0MBaBFGNlcnRt
+YWlsLmtwbnF3ZXN0Lml0MBWBE2NlcnRtYWlsLmlyaWRlb3MuaXQwGoEYcHVwZWMu
+aW5mb3JtYXRpY2EuYWNpLml0MBmBF3Byby5zaWN1cmV6emFwb3N0YWxlLml0MBCB
+DnBlYy5iaWxsNG1lLml0MBGBD3BlYy5ub3RhcnRlbC5pdDATghFhZ2VuZGFkaWdp
+dGFsZS5pdDASghBhZ2lkLWNhMS10ZXN0Lml0MAmCB2FnaWQuaXQwCYIHYWlwYS5p
+dDANggtjZXJ0LXNwYy5pdDAOggxjcmNpdGFsaWEuaXQwHIIaZGlmZW5zb3JlY2l2
+aWNvZGlnaXRhbGUuaXQwEoIQZGlnaXRhbGFnZW5kYS5pdDAMggpkaWdpdHBhLml0
+MAiCBmdvdi5pdDALgglpdGFsaWEuaXQwCoIIY25pcGEuaXQwDIIKY2VydC1wYS5p
+dDANggtpbmRpY2VwYS5pdDBQpE4wTDELMAkGA1UEBhMCSVQxDTALBgNVBAgMBFJv
+bWExDTALBgNVBAcMBFJvbWExHzAdBgNVBAoMFkFDSSBJbmZvcm1hdGljYSBTLnAu
+QS4wWaRXMFUxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJnYW1vMRkwFwYDVQQH
+DBBQb250ZSBTYW4gUGlldHJvMRkwFwYDVQQKDBBBcnViYSBQRUMgUy5wLkEuMFek
+VTBTMQswCQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9u
+dGUgU2FuIFBpZXRybzEXMBUGA1UECgwOQWN0YWxpcyBTLnAuQS4wV6RVMFMxCzAJ
+BgNVBAYTAklUMQ0wCwYDVQQIDARSb21hMQ0wCwYDVQQHDARSb21hMSYwJAYDVQQK
+DB1BZ2VuemlhIHBlciBsJ0l0YWxpYSBEaWdpdGFsZTBIpEYwRDELMAkGA1UEBhMC
+SVQxDTALBgNVBAgMBFJvbWExDTALBgNVBAcMBFJvbWExFzAVBgNVBAoMDkFuY2l0
+ZWwgUy5wLkEuME+kTTBLMQswCQYDVQQGEwJJVDEOMAwGA1UECAwFUGFybWExEzAR
+BgNVBAcMCkNvbGxlY2NoaW8xFzAVBgNVBAoMDkNlZGFjcmkgUy5wLkEuMFukWTBX
+MQswCQYDVQQGEwJJVDENMAsGA1UECAwEUm9tYTENMAsGA1UEBwwEUm9tYTEqMCgG
+A1UECgwhQ29uc2lnbGlvIE5hemlvbmFsZSBkZWwgTm90YXJpYXRvMEykSjBIMQsw
+CQYDVQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8wDQYDVQQHDAZNaWxhbm8xFzAV
+BgNVBAoMDkZhc3R3ZWIgUy5wLkEuMEqkSDBGMQswCQYDVQQGEwJJVDEPMA0GA1UE
+CAwGTWlsYW5vMQ8wDQYDVQQHDAZBc3NhZ28xFTATBgNVBAoMDElUbmV0IFMuci5s
+LjBPpE0wSzELMAkGA1UEBhMCSVQxDzANBgNVBAgMBlRvcmlubzEPMA0GA1UEBwwG
+VG9yaW5vMRowGAYDVQQKDBFJbi5UZS5TLkEuIFMucC5BLjBJpEcwRTELMAkGA1UE
+BhMCSVQxDTALBgNVBAgMBFJvbWExDTALBgNVBAcMBFJvbWExGDAWBgNVBAoMD0lu
+Zm9DZXJ0IFMucC5BLjBSpFAwTjELMAkGA1UEBhMCSVQxDTALBgNVBAgMBEJhcmkx
+EjAQBgNVBAcMCVZhbGVuemFubzEcMBoGA1UECgwTSW5ub3ZhUHVnbGlhIFMucC5B
+LjBRpE8wTTELMAkGA1UEBhMCSVQxDzANBgNVBAgMBkFuY29uYTETMBEGA1UEBwwK
+U2VuaWdhbGxpYTEYMBYGA1UECgwPTmFtaXJpYWwgUy5wLkEuME+kTTBLMQswCQYD
+VQQGEwJJVDENMAsGA1UECAwEUm9tYTENMAsGA1UEBwwEUm9tYTEeMBwGA1UECgwV
+UG9zdGUgSXRhbGlhbmUgUy5wLkEuMFKkUDBOMQswCQYDVQQGEwJJVDEQMA4GA1UE
+CAwHUG90ZW56YTEQMA4GA1UEBwwHUG90ZW56YTEbMBkGA1UECgwSUmVnaW9uZSBC
+YXNpbGljYXRhMEykSjBIMQswCQYDVQQGEwJJVDEPMA0GA1UECAwGQW5jb25hMQ8w
+DQYDVQQHDAZBbmNvbmExFzAVBgNVBAoMDlJlZ2lvbmUgTWFyY2hlME+kTTBLMQsw
+CQYDVQQGEwJJVDEQMA4GA1UECAwHRmlyZW56ZTEQMA4GA1UEBwwHRmlyZW56ZTEY
+MBYGA1UECgwPUmVnaXN0ZXIgUy5wLkEuMEakRDBCMQswCQYDVQQGEwJJVDENMAsG
+A1UECAwEUm9tYTENMAsGA1UEBwwEUm9tYTEVMBMGA1UECgwMU29nZWkgUy5wLkEu
+MEikRjBEMQswCQYDVQQGEwJJVDEPMA0GA1UECAwGTWlsYW5vMQ8wDQYDVQQHDAZN
+aWxhbm8xEzARBgNVBAoMClRXVCBTLnAuQS4wZaRjMGExCzAJBgNVBAYTAklUMQ0w
+CwYDVQQIDARSb21hMRAwDgYDVQQHDAdQb21lemlhMTEwLwYDVQQKDChUZWxlY29t
+IEl0YWxpYSBUcnVzdCBUZWNobm9sb2dpZXMgUy5yLmwuMGqkaDBmMQswCQYDVQQG
+EwJJVDEPMA0GA1UECAwGTmFwb2xpMQ8wDQYDVQQHDAZOYXBvbGkxNTAzBgNVBAoM
+LFVOSVZFUlNJVEEgREVHTEkgU1RVREkgREkgTkFQT0xJIEZFREVSSUNPIElJMEqk
+SDBGMQswCQYDVQQGEwJJVDENMAsGA1UECAwETG9kaTENMAsGA1UEBwwETG9kaTEZ
+MBcGA1UECgwQWnVjY2hldHRpIFMucC5BLjBUpFIwUDELMAkGA1UEBhMCSVQxDzAN
+BgNVBAgMBk1pbGFubzEPMA0GA1UEBwwGTWlsYW5vMR8wHQYDVQQKDBZLUE5RV0VT
+VCBJVEFMSUEgUy5yLmwuMEykSjBIMQswCQYDVQQGEwJJVDEPMA0GA1UECAwGTWls
+YW5vMQ8wDQYDVQQHDAZNaWxhbm8xFzAVBgNVBAoMDklSSURFT1MgUy5wLkEuMEmk
+RzBFMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUm9tYTENMAsGA1UEBwwEUm9tYTEY
+MBYGA1UECgwPTm90YXJ0ZWwgUy5wLkEuoTAwCocIAAAAAAAAAAAwIocgAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwQQYIKwYBBQUHAQEENTAzMDEGCCsG
+AQUFBzABhiVodHRwOi8vb2NzcDA3LmFjdGFsaXMuaXQvVkEvQVVUSC1ST09UMB0G
+A1UdDgQWBBSl/YUFDsPx1mVKIGzi201gkyuKoDASBgNVHRMBAf8ECDAGAQH/AgEA
+MB8GA1UdIwQYMBaAFFLYiDrIn3hm7YnzezhwlMkCAjbQME4GA1UdIARHMEUwQwYF
+K0wQAwEwOjA4BggrBgEFBQcCARYsaHR0cDovL3d3dy5hZ2lkLmdvdi5pdC9jZXJ0
+aWZpY2F0aS1maXJtYS1wZWMwgeMGA1UdHwSB2zCB2DCBlqCBk6CBkIaBjWxkYXA6
+Ly9sZGFwMDcuYWN0YWxpcy5pdC9jbiUzZEFjdGFsaXMlMjBBdXRoZW50aWNhdGlv
+biUyMFJvb3QlMjBDQSxvJTNkQWN0YWxpcyUyMFMucC5BLiUyZjAzMzU4NTIwOTY3
+LGMlM2RJVD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTA9oDugOYY3
+aHR0cDovL2NybDA3LmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRILVJPT1QvZ2V0
+TGFzdENSTDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQAInLD/Nl6k9fMhVS3df3nb/IpdsgeT
+EFsUA1I4o7VvhL03S+fk3QhFYOtL1dHNgJS1zlFu3EMYy7C6YDE2a8DQLvKJx3Uk
+yeyBHoMQRCHVSg+lQJQxFOuGn/28zZYNvJN1DvgOgEdEsYOipAAL5TBu8Oz7ixDd
+Wgxipd44wW0AGkhvow4amL5qp7VLxqawXlCE9PdLXzfP0j3OHqUcNCTBCXEAZrPP
+5I3QmbHwRhncviAcFNrPYqzNKul9EUrYaYR0BquS9YHVjlhJr+n/NL56tX7YqrwB
+gHHGa7XpgmVRhdlvDO5sKhIvIM1Pc13aQowkG6g6uLkG1PYBJjt8nFxwUsHSbLdW
+9QEaQctP2UC6FzvU/LH3WVI7mPRq7+bXKDQNdhT7KOElE/FLWbPl2yYk8uKe5Ok3
+YlbyjGVC+h7kehPgv5Y1iasUpZjVte2etEcSI1s7lbprKYt+UdaxiE7qvp/ilaO4
+P1ZHiZUXCbg3wjks00A1WOaxAKsmx9KF8JWKsU6arBT3kDCsoXksBb0KvYG/d0sa
+X3c9UeTthGTN8TyHaHuwTJ7Z3LljOJNsOyYbwvk57LybrFgY3WpcTHaztoL+3c9N
+/odBXgJeM1DKlLZMQ5r1HiRiwnQOaK3htK+B41EaLeu7WXZpN/t4xqA8RxYyYlWd
+vJe1SacGDfVcCw==
+-----END CERTIFICATE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Botan-2.18.0/src/tests/data/x509/misc/name_constraint_ci/leaf.pem
new/Botan-2.18.1/src/tests/data/x509/misc/name_constraint_ci/leaf.pem
--- old/Botan-2.18.0/src/tests/data/x509/misc/name_constraint_ci/leaf.pem
1970-01-01 01:00:00.000000000 +0100
+++ new/Botan-2.18.1/src/tests/data/x509/misc/name_constraint_ci/leaf.pem
2021-05-09 10:53:01.000000000 +0200
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIH8TCCBtmgAwIBAgIQQD1ha3ZylOCFLxKULwH9ojANBgkqhkiG9w0BAQsFADCB
+kDELMAkGA1UEBhMCSVQxDTALBgNVBAcMBFJvbWExJjAkBgNVBAoMHUFnZW56aWEg
+cGVyIGwnSXRhbGlhIERpZ2l0YWxlMTcwNQYDVQQLDC5BcmVhIFNvbHV6aW9uaSBw
+ZXIgbGEgUHViYmxpY2EgQW1taW5pc3RyYXppb25lMREwDwYDVQQDDAhBZ0lEIENB
+MTAeFw0yMDAxMjIwODE2MDFaFw0yMjAxMjEwODE2MDFaMIGSMQswCQYDVQQGEwJJ
+VDENMAsGA1UECAwEUm9tYTENMAsGA1UEBwwEUm9tYTEmMCQGA1UECgwdQWdlbnpp
+YSBwZXIgbCdJdGFsaWEgRGlnaXRhbGUxGjAYBgNVBAsMEUFNQklFTlRJIENPTExB
+VURPMSEwHwYDVQQDDBhJTkRJQ0VQQS1DT0xMQVVETy5HT1YuSVQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Rv8z5xQ2pMEI3m17bIaDPgpBCNCdxXL7
+LtWSDM2KjHP1NVjuPSA4ASLuPsk6AkB8m0ZJgJKFntzww0IK65cTQPXK51aQZtX9
+Vc7SYykAw5/xpfPR5H/VJfN3xwsN8uasTAiFT0wzZCRtDIpkc2vrdhn0ktndoxUp
+Zm5GT0pRw+8AmhZ+hO+C7xgDZ5CimwHRskJf3UE8HOFhHtIottA9kx1pYVv9iojo
+F+e/H3LGGuHl63p9/2gyjf3/3ZPaA9gtZpN6tnbiv0KOOEMVSvHXnmwtcg/JX3Sr
+Yg2W/93zcSH8IFQks2MuN1rbCv1/ckGXK0F496UPxOqYYA3PiddXAgMBAAGjggRB
+MIIEPTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9jYTEuYWdp
+ZC5nb3YuaXQvT0NTUDAdBgNVHQ4EFgQUqwTNv2lZ57PeXI/MXinOPUX808owHwYD
+VR0jBBgwFoAUpf2FBQ7D8dZlSiBs4ttNYJMriqAwWQYDVR0gBFIwUDAIBgZngQwB
+AgIwRAYGK0wQAwEDMDowOAYIKwYBBQUHAgEWLGh0dHA6Ly93d3cuYWdpZC5nb3Yu
+aXQvY2VydGlmaWNhdGktZmlybWEtcGVjMIHgBgNVHR8EgdgwgdUwgbCgga2ggaqG
+gadsZGFwOi8vY2ExLmFnaWQuZ292Lml0L2NuPUFnSUQlMjBDQTEsb3U9QXJlYSUy
+MFNvbHV6aW9uaSUyMHBlciUyMGxhJTIwUHViYmxpY2ElMjBBbW1pbmlzdHJhemlv
+bmUsbz1BZ2VuemlhJTIwcGVyJTIwbCUyN0l0YWxpYSUyMERpZ2l0YWxlLEM9SVQ/
+Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDAgoB6gHIYaaHR0cDovL2NhMS5hZ2lk
+Lmdvdi5pdC9DUkwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDATCB0gYDVR0RBIHKMIHHghtjYS5pbmRpY2VwYS1jb2xsYXVkby5n
+b3YuaXSCHHd3dy5pbmRpY2VwYS1jb2xsYXVkby5nb3YuaXSCG3d3dy5nZW9kYXRp
+LWNvbGxhdWRvLmdvdi5pdIIgZ292ZXJuYW5jZS1jb2xsYXVkby5pY3NwYy5nb3Yu
+aXSCF2dlb2RhdGktY29sbGF1ZG8uZ292Lml0ghhJTkRJQ0VQQS1DT0xMQVVETy5H
+T1YuSVSCGGluZGljZXBhLWNvbGxhdWRvLmdvdi5pdDCCAX4GCisGAQQB1nkCBAIE
+ggFuBIIBagFoAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFv
+zFu92gAABAMARzBFAiA5SwL52cTLwjeFcNEbES5LE1wA260wvnPPeVF9zQEa/gIh
+AOS8weXMlVrkJ4rZgFmf9H7cF6OHiSANl/QDMGr4JJLGAHUAQcjKsd8iRkoQxqE6
+CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFvzFu/GgAABAMARjBEAiBqxfN3vRyoxsmT
+4H2f1x+h5902T2bpYlLI2Kk7eTC6nwIgYUGSvmOtlPOuK62g6rvZoNvXLTVZ5DjX
+VlYSeGHvgs4AdwAiRUUHWVUkVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAW/M
+W8BMAAAEAwBIMEYCIQDqnpR2rF1G64aUHtSFSCOV/Mpo0pVwGw7UFskxeFigQwIh
+AMSJFNXBWNzJ1BAYzeJ4BsjGm+pspA3It3fitblscotrMA0GCSqGSIb3DQEBCwUA
+A4IBAQC+6qFPoMSejF6LC4iqJEFtzzLCzM8TDYEliHEtwj7fU8+rIDUSp9MgeCkl
+IB2iDXhW7rzTMfAMEc0MhuFmMgr8q7hH0GtdodSGIbJv41nZSXbDUIfLWZYO2u/v
+qbG8d0a5tU07KmZy7Q0mAlFOAA3OhXD9kHuLutMcvJf6XpFqHHXkDy88G/8hYhRr
+aMlXhP/uoyZ2dm5N/vMzo4pmOhuu5JF7Zjc97N/cHsmpixTgICjCXCehwby4nzEG
+ExJmdpxW2LD9UGduWYMVU5SARR2Atq+6UKaHmiehoUFWmm5Gkb18OfTFsQPTT2Y2
+tN5L9MD1jWDYoR1Yexg4LBV7gs/P
+-----END CERTIFICATE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Botan-2.18.0/src/tests/data/x509/misc/name_constraint_ci/root.pem
new/Botan-2.18.1/src/tests/data/x509/misc/name_constraint_ci/root.pem
--- old/Botan-2.18.0/src/tests/data/x509/misc/name_constraint_ci/root.pem
1970-01-01 01:00:00.000000000 +0100
+++ new/Botan-2.18.1/src/tests/data/x509/misc/name_constraint_ci/root.pem
2021-05-09 10:53:01.000000000 +0200
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE
+BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w
+MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC
+SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1
+ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv
+UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX
+4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9
+KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/
+gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb
+rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ
+51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F
+be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe
+KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F
+v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn
+fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7
+jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz
+ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL
+e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70
+jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz
+WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V
+SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j
+pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX
+X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok
+fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R
+K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU
+ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU
+LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT
+LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Botan-2.18.0/src/tests/data/x509/misc/nc_skip_self/int.pem
new/Botan-2.18.1/src/tests/data/x509/misc/nc_skip_self/int.pem
--- old/Botan-2.18.0/src/tests/data/x509/misc/nc_skip_self/int.pem
1970-01-01 01:00:00.000000000 +0100
+++ new/Botan-2.18.1/src/tests/data/x509/misc/nc_skip_self/int.pem
2021-05-09 10:53:01.000000000 +0200
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFLjCCAxagAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMQswCQYDVQQGEwJDWjEP
+MA0GA1UEBwwGUHJhZ3VlMRMwEQYDVQQKDApUZXN0Um9vdENBMB4XDTIxMDUwNDEw
+NDY0MVoXDTIyMDUwNDEwNDY0MVowOzELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlBy
+YWd1ZTEbMBkGA1UECgwSVGVzdEludGVybWVkaWF0ZUNBMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA03ZbIxKV+vGe2Uo/052UEarHfylH0eHbFXcedfb/
+Py8y7+cIz4ZtsLoo2XRMoLVvnJglOcSPR72riLknrQ6jo8hktdAr+8JntmasnkR7
+xJBafk8xZZzvRQ/DwNEzq9uASRWrLJpmPP7+SinQWUa8n5dZ+cdCJoLhocPBxvd4
+ZxbyFsiQ9ttjJm8cF8VJN1KM4lpRweNZJdxuezdVxUzEV1dpr5QyY8cQWStJBzP1
+nKpXm9D3vawuOfP1hJ6QYET7pIvpzNuRW5pEnSjegoDieTFxp7cz2giGAE/uKe3L
+P45xT6IrH+oaHYiMEla1mwW1i5NJKNpPVqI7LLjVPSsqCRRjsgQrFuDxkX88UjsM
+f0F1/YY/xwppd9ha2Zv3KXsF4dDFAiLGzj3MhkXFrEvbs6cdetoDFPmrBbP7B7GY
+2HK1BuqbxmmWjLnmUoO0zX8NMIkA3PbKZEzVeUlVuoxQ8lxwLlF3zmyJna7Nyuud
+K/cW9mIhChJib++HcoHxyWPwD13aD1mnHoW4xFGCSVc48qjRQ530bKo8P6yRBSHa
+fDtcjhcTa5svGHx7uK9z/ZRI9FAIOxu+zJnOiCq7LCKIF9RiBzLuww9YpC0ZEZYu
+KMPu+/PfDVnnI4TxdKtXa7iJeJosc+SEUnzBFUa4FRlMB3GVnk7xkXQfrJ6y8XJG
+r1MCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAwBgNVHR4BAf8EJjAkoCIwIKQe
+MBwxCzAJBgNVBAYTAkNaMQ0wCwYDVQQHDARCcm5vMA0GCSqGSIb3DQEBCwUAA4IC
+AQBjL9/LijOxwU9iJ/BV68CEpxWj0OD9qfGknnroS4XSNkgll9exqjI7WBWCyOls
+SDyN2NgFrOqRj5vh6x/UhuEjfrYoJBDgyZM0sA2ZLRd1Cnno2xlnodNHUZxeUvl4
+hm/wecmO8fN36LiZfc6PAsEJ9Z4uh/a7QHDKNpy+egenQcpM7LFjCU+bMGP8Xp/u
+l09LXmb4kqeYp9ljpf6biMPPMmORlYEtn8+C3i4AR/uWWu2eEjcrB5ImcyTnCzBu
+4Tm4qjCDo2wRbFGnm/nXyOx7C6+Ay0pNO/DWSB21qexK13mKkgB+D3G9hVH5pOIu
+elu7Zw9pl2qsTnH5iM8SHK2vZPeWPYiI68uCqAKiVRCRkt3GWVn1XH1Jff3Hyyku
+Z9KC/pSTZW3IyAxsk2wIhVHK8W95Uy0WRLvioxYvJrCGfuRG5vBE0Ix2/yRtUXGZ
+ze4+tWFRCPc7qdVURPMpwkla3U7BQoSk77q6b0crsDqs2NLPEdAOle+TdTAhXlZY
+9HNm8l/ZrXFFbJiYVT5GnMvKZxMx60u4+WKwiVa0MOrn1Cp0peMds9ab9gTtN9n+
+5CnpKYsf4OQY47PGS65Ef4q2D4h8nK0ufoDTMZyDz8BkSknztFfvSISAR942f0RD
+5CZP6FCUJ10K02umvACjXlMhJntrwXXeofs+k4W2YLVxjw==
+-----END CERTIFICATE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Botan-2.18.0/src/tests/data/x509/misc/nc_skip_self/leaf.pem
new/Botan-2.18.1/src/tests/data/x509/misc/nc_skip_self/leaf.pem
--- old/Botan-2.18.0/src/tests/data/x509/misc/nc_skip_self/leaf.pem
1970-01-01 01:00:00.000000000 +0100
+++ new/Botan-2.18.1/src/tests/data/x509/misc/nc_skip_self/leaf.pem
2021-05-09 10:53:01.000000000 +0200
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE4DCCAsgCAQEwDQYJKoZIhvcNAQELBQAwOzELMAkGA1UEBhMCQ1oxDzANBgNV
+BAcMBlByYWd1ZTEbMBkGA1UECgwSVGVzdEludGVybWVkaWF0ZUNBMB4XDTIxMDUw
+NDEwNDY0MloXDTIyMDUwNDEwNDY0MlowMTELMAkGA1UEBhMCQ1oxDTALBgNVBAcM
+BEJybm8xEzARBgNVBAoMClRlc3RTZXJ2ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDNE0EdswXQphxPwaYXukZB3oIsZZ76TsRk+L2eVutpLT1L3W+Q
+0phTOmwjTguL365ZXllLN3hbPwLgjZzWG2T4sBPLGhSxkasuLk+2YrSg0Qz0iML5
+3wGQtV6KGqb/giPWTbtexelcrfL/3B3ejzIFvkuiQXxzfimNZyg3i4JVMmnKkj2A
+Kq4pcJRFx3vzkAptcnJc+UQQpjYcizjvBm3+9XALeNlEbwoj//ySP1OtrZVwpbzq
+ARGe4LjkTuBr/T9DhTEVAKW4NQGdUPJV54mkoP/hQ1G0r3qpaAC9i4UtLXCy7o63
+R0vVsIOi+JNyoxeO3XRqt0rV2U1DLwpAj0k1dhNCWQIys4Ufep4AKxGHjkYUznaA
+A27NxNSaAnc1g4rTteMkiDW+Ao32/J3NikW7sA+tOpklvrQ+jysIGkXjvVjMylsu
+BO80bhrm8JSyWuL1KPTe1nLjECewYm9TuxAyiQTglBaHoJOrfyvd5Tu9gNopIhdR
+WwXb2ajxLAqgqOhtfrV+fcvLIucP5B+dcAixdVnOFk62Vi4kyZLRgkK80JvhtdLu
+xZWiCemmTxaG/6SYvpu3QmYcY7ee8I2hG05chGyCg7Zcnf4CVasMCgfbYgkt6Tzw
+CzVZFEVDBbEjWQeEegQmVRVrfqHbmHm3ge6AyekSfAoHlv6IsRImJZta6QIDAQAB
+MA0GCSqGSIb3DQEBCwUAA4ICAQAlcVI/elokcYZg1N+WEf+9SV3XakivfHFVTf0w
+y9RlJ8HRaYN/Nnreo6RK+ps/RflNJi4+ncQazCzTOIchC2Wiaf0h3HspZ4N78j1y
+rsT6LAm+eakzazl45pqVcJQ8jeTrjqOFerK+tQd9NQbsqkzmnQ2WmpFwDXdwY/T6
+H/TpwGwUTgYK/UW9WqgWCpTNDVfU6tYTD0KrlnnnPu2vtniLD4fJq/3NaESOrMCC
+zNonH1dpIYERyu0l27rRw0zuexSyAAL0fd8OGdtpfeE7RbptCxwVmwz6/klluKOb
+8YV53T4HnwKYtLmD+UMPdWAVzj4TdOSDTuOxQhu+NwjPMYKvMF2phN4v1BpVgUuy
+m4HfuEpfHmHKsNPFJWZ9E28bbUJ39+LtARf3pqUL66V3CAlNodi6tpWqz4b3nPo+
+JznOox/ujntISe1ziNL6lHdGUFn9QaLQiXyIYZLNqheJ2GX4cHnKfzZxp/KqRBRA
+Z/kUtHSAyL/LSJ3fAHxRdGmSiBP37PmDw7i11w9kd4EPK2EkiqZtmiQtDrsOQfh1
+0SeP4DHf3n7VoyGBDfpiC1WFnSafbMG+tOl7QuRX4RCJrVQWjFT73q0MCciryK7Z
+TsUM+yHjDZY33k/kvevptczjWk1dxQ5Napr4ayW4jWvdWV55/lLYmhC8JP6La+1h
+j50djA==
+-----END CERTIFICATE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Botan-2.18.0/src/tests/data/x509/misc/nc_skip_self/root.pem
new/Botan-2.18.1/src/tests/data/x509/misc/nc_skip_self/root.pem
--- old/Botan-2.18.0/src/tests/data/x509/misc/nc_skip_self/root.pem
1970-01-01 01:00:00.000000000 +0100
+++ new/Botan-2.18.1/src/tests/data/x509/misc/nc_skip_self/root.pem
2021-05-09 10:53:01.000000000 +0200
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBzCCAu+gAwIBAgIUF/jloc5zNYR3gyPGyMfuC4Qf5cEwDQYJKoZIhvcNAQEL
+BQAwMzELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlByYWd1ZTETMBEGA1UECgwKVGVz
+dFJvb3RDQTAeFw0yMTA1MDQxMDQ2MzhaFw0yMjA1MDQxMDQ2MzhaMDMxCzAJBgNV
+BAYTAkNaMQ8wDQYDVQQHDAZQcmFndWUxEzARBgNVBAoMClRlc3RSb290Q0EwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDSmObXNfY3NDTfYwTykRtTaJs9
+tw4qqw6oXQc5FSK7Itwo90i7VjyTa+yVWulRGyqeSGanqvbZeSuF6ZB4tVmTi+gH
+HlxBnT0zamYNdR4Yo5OzhXGyuaXuACTCj5N0OtMTjlOS0qsxTnsD8lgUHY0dUWpq
+e2JsduiS+fXuE6tde0IAH3Rr47gTHPlXsAYl2T48s+3pv9MY5MGSSusakDXqjdLB
+mnfhoOCfbBWm61GNHBfVVFx6MAEAM8r6fTR0OZxynhcocT5yAbrKz72jLtT+savO
+5ehq1vawpsgX3CmS4WmClnVEoOPh80a1F1aAr4bvcK2GmFLiBLIKZpGAiQLZe1QE
+9Y/Q361zmY9ghQOldTFi7ZK3Bx8B/3hBS+1lQFrw+NlOqqkf3RruDfz04SRZYlKx
+HrY1DEBcPDRYPEmA4QyGm079Pi+IoZzj2ZGUAegBPhd3wG9qeDoM9lB7wdCq3C9V
+j4QQIzcfuecGTEbXD4n6r5gMhW+64LVZ2mDHf3sntc1wO/weBqpGYeX6s3pFIEvR
+f1meuMEploIRYcT0wdIVld0p2nJQXZV2pxNcZ9SWns9AFEvdjb8VMQsuSjit6qxP
+pMarNHkl0a3X7QWUwuWQz6hU7aIDCrXzmk9+ZDs8U5lQaSldyBdAsFMtHTX5s7PH
+VDFg/DHzUW2pk1lNvQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4ICAQDIMLGZgY7TC6rY0zV+MXVC873zz03A58Bd6osCBxrCkIn3aG5h
+4OJ5s6+KmvzhXcb5TnPhHQso+ZCKdl4RJ3byzlH1gPhK+fPFIcivL3L/5P9OvdYQ
+CXPK4vs9sH99YRWM6DsaO4GY9gg/g0gv7VSS4J91d6Mo6G1kQWer+h2YyJH2lO1T
+2CnWYEto0KqztSixDrcBzSpAjvsZfzLNQJlp1IOoRTWgNyWGBztV6blEFu309M7U
+05M+HiZQPu5q0/HQjXy2+uwzcasc3+YD6F/fdFuyCVLa8Bh10PG2mSG98j5QaSw2
+J6z+g4Mb0AgzzcjYRTIMt8ghMYyjstVjzK4UqXlL9/T4xKehFZcc/GQ+5xO/XdI1
+zCSe10+crNiuETRPArE2P5NvqHXKkcuSv7iuFmzc+VJC6Lj3t1sMUIKMCLrQYgXT
+HL91GxX3AhWoLqobr9s4y14oP1CG/TqxQMdXqs7NAs+dJYcY9waFPlgMxzrVKcy3
+Z3thAcqBC6xDr8Ctx7uX7zqdNXZQfGnz2wVW/GSDFpvmmqWnwHiqABkEPMvzmNb/
+OCcmRc45PclyhLc/aMudJTsB36e9Tt/UCWe+iDorsizY4u4Fe+4ujlkyQWgYfvUl
+txvJF3BvCIHwTlFAECgg6Je5qu6yWu4T+P4zPhWj1RaYA1i7cuXTXwKKKg==
+-----END CERTIFICATE-----
Binary files old/Botan-2.18.0/src/tests/data/x509/misc/rdn_set.crt and
new/Botan-2.18.1/src/tests/data/x509/misc/rdn_set.crt differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/tests/test_x509_path.cpp
new/Botan-2.18.1/src/tests/test_x509_path.cpp
--- old/Botan-2.18.0/src/tests/test_x509_path.cpp 2021-04-15
07:14:48.000000000 +0200
+++ new/Botan-2.18.1/src/tests/test_x509_path.cpp 2021-05-09
10:53:01.000000000 +0200
@@ -640,6 +640,98 @@
BOTAN_REGISTER_TEST("x509", "x509_name_constraint_san",
Validate_Name_Constraint_SAN_Test);
+class Validate_Name_Constraint_CaseInsensitive final : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override;
+ };
+
+std::vector<Test::Result> Validate_Name_Constraint_CaseInsensitive::run()
+ {
+ if(Botan::has_filesystem_impl() == false)
+ {
+ return {Test::Result::Note("Path validation",
+ "Skipping due to missing filesystem access")};
+ }
+
+ std::vector<Test::Result> results;
+
+ const std::string root_crt =
Test::data_file("/x509/misc/name_constraint_ci/root.pem");
+ const std::string int_crt =
Test::data_file("/x509/misc/name_constraint_ci/int.pem");
+ const std::string ee_crt =
Test::data_file("/x509/misc/name_constraint_ci/leaf.pem");
+
+ auto validation_time =
+ Botan::calendar_point(2021, 5, 8, 1, 0, 0).to_std_timepoint();
+
+ Botan::X509_Certificate root(root_crt);
+ Botan::X509_Certificate intermediate(int_crt);
+ Botan::X509_Certificate ee_cert(ee_crt);
+
+ Botan::Certificate_Store_In_Memory trusted;
+ trusted.add_certificate(root);
+
+ std::vector<Botan::X509_Certificate> chain = { ee_cert, intermediate };
+
+ Botan::Path_Validation_Restrictions restrictions;
+ Botan::Path_Validation_Result validation_result =
+ Botan::x509_path_validate(chain, restrictions, trusted, "",
+ Botan::Usage_Type::UNSPECIFIED,
validation_time);
+
+ Test::Result result("DNS name constraints are case insensitive");
+ result.test_eq("Path validation succeeded",
+ validation_result.successful_validation(), true);
+
+ return {result};
+ }
+
+BOTAN_REGISTER_TEST("x509", "x509_name_constraint_ci",
Validate_Name_Constraint_CaseInsensitive);
+
+class Validate_Name_Constraint_NoCheckSelf final : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override;
+ };
+
+std::vector<Test::Result> Validate_Name_Constraint_NoCheckSelf::run()
+ {
+ if(Botan::has_filesystem_impl() == false)
+ {
+ return {Test::Result::Note("Path validation",
+ "Skipping due to missing filesystem access")};
+ }
+
+ std::vector<Test::Result> results;
+
+ const std::string root_crt =
Test::data_file("/x509/misc/nc_skip_self/root.pem");
+ const std::string int_crt =
Test::data_file("/x509/misc/nc_skip_self/int.pem");
+ const std::string ee_crt =
Test::data_file("/x509/misc/nc_skip_self/leaf.pem");
+
+ auto validation_time =
+ Botan::calendar_point(2021, 5, 8, 1, 0, 0).to_std_timepoint();
+
+ Botan::X509_Certificate root(root_crt);
+ Botan::X509_Certificate intermediate(int_crt);
+ Botan::X509_Certificate ee_cert(ee_crt);
+
+ Botan::Certificate_Store_In_Memory trusted;
+ trusted.add_certificate(root);
+
+ std::vector<Botan::X509_Certificate> chain = { ee_cert, intermediate };
+
+ Botan::Path_Validation_Restrictions restrictions;
+ Botan::Path_Validation_Result validation_result =
+ Botan::x509_path_validate(chain, restrictions, trusted, "",
+ Botan::Usage_Type::UNSPECIFIED,
validation_time);
+
+ Test::Result result("Name constraints do not apply to the certificate which
includes them");
+ result.test_eq("Path validation succeeded",
+ validation_result.successful_validation(), true);
+
+ return {result};
+ }
+
+BOTAN_REGISTER_TEST("x509", "x509_name_constraint_no_check_self",
Validate_Name_Constraint_NoCheckSelf);
+
class BSI_Path_Validation_Tests final : public Test
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Botan-2.18.0/src/tests/unit_x509.cpp
new/Botan-2.18.1/src/tests/unit_x509.cpp
--- old/Botan-2.18.0/src/tests/unit_x509.cpp 2021-04-15 07:14:48.000000000
+0200
+++ new/Botan-2.18.1/src/tests/unit_x509.cpp 2021-05-09 10:53:01.000000000
+0200
@@ -460,6 +460,20 @@
return result;
}
+Test::Result test_rdn_multielement_set_name()
+ {
+ Test::Result result("DN with multiple elements in RDN");
+
+ // GH #2611
+
+ Botan::X509_Certificate cert(Test::data_file("x509/misc/rdn_set.crt"));
+
+ result.confirm("contains expected name components",
+ cert.issuer_dn().get_attributes().size() == 4);
+
+ return result;
+ }
+
Test::Result test_rsa_oaep()
{
Test::Result result("RSA OAEP decoding");
@@ -1718,6 +1732,7 @@
results.push_back(test_x509_utf8());
results.push_back(test_x509_bmpstring());
results.push_back(test_crl_dn_name());
+ results.push_back(test_rdn_multielement_set_name());
results.push_back(test_x509_decode_list());
results.push_back(test_rsa_oaep());
results.push_back(test_x509_authority_info_access_extension());
