[gnutls-devel] GnuTLS | X509:Fix incorrect handling in name constraints merging (!1997)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon Aug 4 09:49:16 CEST 2025
chenjianhu commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1997#note_2665996178
I did not write a separate test case. Instead, I modified nc1 to nc2
in line 112 of tests/name-constraints-merge.c, so that nc2 contains
an independent email constraint.
Prior to this commit, the email constraint would not be appended to nc1,
resulting in the email constraint not taking effect.In line 185 of the
test case would fail validation:
set_name("xxx.ccc.com", &name);
ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_RFC822NAME,&name);
check_test_result(suite, ret, NAME_REJECTED, &name);
After applying this commit, the email constraint will be appended to nc1,
and the test case will meet the expected result.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1997#note_2665996178
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250804/f08f883c/attachment.html>
More information about the Gnutls-devel
mailing list