The ASN1 functions for NAME_CONSTRAINTS are not declared or implemented in the
current OpenSSL releases. This is inconsistent with other extension structs and
(I believe) means you either need to declare them yourself or attempt to build
NAME_CONSTRAINTS using nconf functions. Below is a patch to current git master
that adds support for these functions.
If there's a preferred way to test that these macros behave as expected I'll be
happy to add the tests to this patch.
-Paul Kehrer
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index d3f79ba..e679f0a 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -109,7 +109,7 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+IMPLEMENT_ASN1_FUNCTIONS(NAME_CONSTRAINTS)
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
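Review bot: the switch to IMPLEMENT_ASN1_FUNCTIONS(NAME_CONSTRAINTS) on the changed line exposes d2i_NAME_CONSTRAINTS and i2d_NAME_CONSTRAINTS as new entry points, and the patch carries no test for them. Because d2i parses DER that may come from an untrusted certificate, add a round-trip test: build a NAME_CONSTRAINTS with both permitted and excluded subtrees, encode it with i2d, decode it with d2i and compare the result. Also add a decode of truncated input that must return NULL. Note too that the context line above leaves GENERAL_SUBTREE on IMPLEMENT_ASN1_ALLOC_FUNCTIONS only; if the goal is consistency with other extension structs, state whether that is intentional.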
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index b5ea84a..f2e8598 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -591,7 +591,7 @@ DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+DECLARE_ASN1_FUNCTIONS(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
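Review bot: with DECLARE_ASN1_FUNCTIONS(NAME_CONSTRAINTS) in place, the DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) line directly above it looks redundant, since the full FUNCTIONS macro already declares the item alongside the new/free and d2i/i2d prototypes. Consider dropping the separate ITEM line in the same hunk. The two added prototypes are also new public API in an installed header, and the patch as shown touches only v3_ncons.c and x509v3.h, so a documentation entry for d2i_NAME_CONSTRAINTS and i2d_NAME_CONSTRAINTS should accompany it.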
_______________________________________________
openssl-dev mailing list