Add subjectAltName to the list of known critical extensions

2024-12-22 10:19:57 +01:00 · 2007-01-05 11:49:19 +00:00 · 2007-01-05 11:49:19 +00:00 · 05277262bc
commit 05277262bc
parent e6ba1780cc
2 changed files with 10 additions and 0 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,7 @@
 2007-01-05  Werner Koch  <wk@g10code.com>
 	* certchain.c (unknown_criticals): Add subjectAltName.
 2006-12-21  Werner Koch  <wk@g10code.com>
 	* gpgsm.c: Comment mtrace feature.
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -137,6 +137,12 @@ unknown_criticals (ksba_cert_t cert, int listmode, FILE *fp)
 {
  static const char *known[] = {
    "2.5.29.15", /* keyUsage */
    "2.5.29.17", /* subjectAltName
                    Japanese DoCoMo certs mark them as critical.  PKIX
                    only requires them as critical if subjectName is
                    empty.  I don't know whether our code gracefully
                    handles such empry subjectNames but that is
                    another story. */
    "2.5.29.19", /* basic Constraints */
    "2.5.29.32", /* certificatePolicies */
    "2.5.29.37", /* extendedKeyUsage - handled by certlist.c */