Re: [openssl-dev] [PATCH] Declare/Implement ASN1_FUNCTIONS for NAME_CONSTRAINTS

Sat, 09 Jan 2016 14:49:51 -0800 

You might also take a look at https://rt.openssl.org/Ticket/Display.html?id=3502


--  
Senior Architect, Akamai Technologies
IM: [email protected] Twitter: RichSalz


> -----Original Message-----
> From: Paul Kehrer [mailto:[email protected]]
> Sent: Saturday, January 09, 2016 3:20 PM
> To: [email protected]
> Subject: [openssl-dev] [PATCH] Declare/Implement ASN1_FUNCTIONS for
> NAME_CONSTRAINTS
> 
> The ASN1 functions for NAME_CONSTRAINTS are not declared or
> implemented in the current OpenSSL releases. This is inconsistent with other
> extension structs and (I believe) means you either need to declare them
> yourself or attempt to build NAME_CONSTRAINTS using nconf functions.
> Below is a patch to current git master that adds support for these functions.
> 
> If there's a preferred way to test that these macros behave as expected I'll
> be happy to add the tests to this patch.
> 
> 
> -Paul Kehrer
> 
> 
> 
> diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index
> d3f79ba..e679f0a 100644
> --- a/crypto/x509v3/v3_ncons.c
> +++ b/crypto/x509v3/v3_ncons.c
> @@ -109,7 +109,7 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
> 
> 
>  IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
> -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
> +IMPLEMENT_ASN1_FUNCTIONS(NAME_CONSTRAINTS)
> 
>  static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD
> *method,
>                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) 
> *nval) diff --git
> a/include/openssl/x509v3.h b/include/openssl/x509v3.h index
> b5ea84a..f2e8598 100644
> --- a/include/openssl/x509v3.h
> +++ b/include/openssl/x509v3.h
> @@ -591,7 +591,7 @@ DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
>  DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
> 
>  DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
> -DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
> +DECLARE_ASN1_FUNCTIONS(NAME_CONSTRAINTS)
> 
>  DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
>  DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
> 
> 
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to