[openssl-dev] [PATCH] Declare/Implement ASN1_FUNCTIONS for NAME_CONSTRAINTS
Paul Kehrer
paul.l.kehrer at gmail.com
Sat Jan 9 20:20:22 UTC 2016
The ASN1 functions for NAME_CONSTRAINTS are not declared or implemented in the current OpenSSL releases. This is inconsistent with other extension structs and (I believe) means you either need to declare them yourself or attempt to build NAME_CONSTRAINTS using nconf functions. Below is a patch to current git master that adds support for these functions.
If there's a preferred way to test that these macros behave as expected I'll be happy to add the tests to this patch.
-Paul Kehrer
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index d3f79ba..e679f0a 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -109,7 +109,7 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+IMPLEMENT_ASN1_FUNCTIONS(NAME_CONSTRAINTS)
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index b5ea84a..f2e8598 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -591,7 +591,7 @@ DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+DECLARE_ASN1_FUNCTIONS(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
More information about the openssl-dev
mailing list