On 3 May 2014 18:52, <[email protected]> wrote: > From: Luiz Angelo Daros de Luca <[email protected]> > > OpenSSL is able to generate a certificate with name constraints with any > possible > subjectAltName field. The Name Contraint example in x509v3_config(5) even use > IP > as an example: > > nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 > > However, until now, the verify code for IP name contraints did not exist. Any > check with a IP Address Name Constraint results in a "unsupported name > constraint > type" error. > > This patch implements support for IP Address Name Constraint (v4 and v6). > This code > validaded correcly certificates with multiple IPv4/IPv6 address checking > against > a CA certificate with these constraints: > > permitted;IP.1=10.9.0.0/255.255.0.0 > permitted;IP.2=10.48.0.0/255.255.0.0 > permitted;IP.3=10.148.0.0/255.255.0.0 > permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::
Hi Luiz Please can you send patch submissions to the RT system: [email protected] Thanks Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
