X509: Add basic IP name constraints and accompanying tests (!12) · Merge requests · gnutls / GnuTLS · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

The source project of this merge request has been removed.

username-removed-586550 requested to merge (removed):name-constraints into master Jun 29, 2016

Done:

Add basic IP constraints checking during certificate validation.
Test both IPv4 and IPv6.
Add unit tests and complete chain verification tests.

Still missing:

Constraints merging from multiple certificates.
Only explicit constraints checked (no checking for reserved ranges, IPv6 addresses mapped to IPv4 and such).