Thanks Matt,
Sent to [email protected]. However, I didn't see it in http://rt.openssl.org/.
Is it supposed to update realtime?
Regards,
---
Luiz Angelo Daros de Luca, Me.
[email protected]
2014-05-03 17:15 GMT-03:00 Matt Caswell <[email protected]>:
> On 3 May 2014 18:52, <[email protected]> wrote:
> > From: Luiz Angelo Daros de Luca <[email protected]>
> >
> > OpenSSL is able to generate a certificate with name constraints with any
> possible
> > subjectAltName field. The Name Contraint example in x509v3_config(5)
> even use IP
> > as an example:
> >
> > nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
> >
> > However, until now, the verify code for IP name contraints did not
> exist. Any
> > check with a IP Address Name Constraint results in a "unsupported name
> constraint
> > type" error.
> >
> > This patch implements support for IP Address Name Constraint (v4 and
> v6). This code
> > validaded correcly certificates with multiple IPv4/IPv6 address checking
> against
> > a CA certificate with these constraints:
> >
> > permitted;IP.1=10.9.0.0/255.255.0.0
> > permitted;IP.2=10.48.0.0/255.255.0.0
> > permitted;IP.3=10.148.0.0/255.255.0.0
> > permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::
>
> Hi Luiz
>
> Please can you send patch submissions to the RT system: [email protected]
>
> Thanks
>
> Matt
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
>
