supported_exts: inhibit anypolicy is listed as supported

Since we don't support certificate verification based on policies, we make sure we do not reject any certificates based on the inhibit any policy extension being present. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-04-05 15:36:47 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-04-06 12:57:07 +0200
commit: 23139cfe03b16bb206634dee791855336f423026 (patch)
tree: 46e3ebd8dca148eef34b5807645a5011a594d8a0
parent: 99bfa2f551a307b28ded575b88d171cf7850822e (diff)
download: gnutls-23139cfe03b16bb206634dee791855336f423026.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/x509/supported_exts.gperf b/lib/x509/supported_exts.gperf
index c74a6a1cc4..aa5a6c10da 100644
--- a/lib/x509/supported_exts.gperf
+++ b/lib/x509/supported_exts.gperf
@@ -22,8 +22,6 @@ struct supported_exts_st { const char *name; };
 2.5.29.30
 #GNUTLS_X509EXT_OID_CRL_DIST_POINTS
 2.5.29.31
-#GNUTLS_X509EXT_OID_CRT_POLICY
-2.5.29.32
 #GNUTLS_X509EXT_OID_AUTHORITY_KEY_ID
 2.5.29.35
 #GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE
@@ -34,3 +32,9 @@ struct supported_exts_st { const char *name; };
 1.3.6.1.5.5.7.1.14
 #GNUTLS_X509EXT_OID_TLSFEATURES
 1.3.6.1.5.5.7.1.24
+# We do not support verification with specific policies,
+# as such all the policies and restrictions are acceptable.
+#GNUTLS_X509EXT_OID_CRT_POLICY
+2.5.29.32
+#GNUTLS_X509EXT_OID_INHIBIT_ANYPOLICY
+2.5.29.54
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-04-05 15:36:47 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-04-06 12:57:07 +0200
commit	23139cfe03b16bb206634dee791855336f423026 (patch)
tree	46e3ebd8dca148eef34b5807645a5011a594d8a0
parent	99bfa2f551a307b28ded575b88d171cf7850822e (diff)
download	gnutls-23139cfe03b16bb206634dee791855336f423026.tar.gz