Add subjectAltName to the list of known critical extensions

author: Werner Koch <[email protected]> 2007-01-05 11:49:19 +0000
committer: Werner Koch <[email protected]> 2007-01-05 11:49:19 +0000
commit: 05277262bc2d4ebc42eb8ae76f5922010a36665a (patch)
tree: 5a32ec5bb63d42e1f8fb52c70d053e3ff9ac52b3
parent: Installed revised and updated translation (diff)
download: gnupg-05277262bc2d4ebc42eb8ae76f5922010a36665a.tar.gz
gnupg-05277262bc2d4ebc42eb8ae76f5922010a36665a.zip
2 files changed, 10 insertions, 0 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index a4807bf20..f249c73af 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2007-01-05  Werner Koch  <[email protected]>
+
+	* certchain.c (unknown_criticals): Add subjectAltName.
+
 2006-12-21  Werner Koch  <[email protected]>
 
 	* gpgsm.c: Comment mtrace feature.
diff --git a/sm/certchain.c b/sm/certchain.c
index 2745129eb..d4147b3f7 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -137,6 +137,12 @@ unknown_criticals (ksba_cert_t cert, int listmode, FILE *fp)
 {
   static const char *known[] = {
     "2.5.29.15", /* keyUsage */
+    "2.5.29.17", /* subjectAltName
+                    Japanese DoCoMo certs mark them as critical.  PKIX
+                    only requires them as critical if subjectName is
+                    empty.  I don't know whether our code gracefully
+                    handles such empry subjectNames but that is
+                    another story. */
     "2.5.29.19", /* basic Constraints */
     "2.5.29.32", /* certificatePolicies */
     "2.5.29.37", /* extendedKeyUsage - handled by certlist.c */
author	Werner Koch <[email protected]>	2007-01-05 11:49:19 +0000
committer	Werner Koch <[email protected]>	2007-01-05 11:49:19 +0000
commit	05277262bc2d4ebc42eb8ae76f5922010a36665a (patch)
tree	5a32ec5bb63d42e1f8fb52c70d053e3ff9ac52b3
parent	Installed revised and updated translation (diff)
download	gnupg-05277262bc2d4ebc42eb8ae76f5922010a36665a.tar.gz gnupg-05277262bc2d4ebc42eb8ae76f5922010a36665a.zip