diff options
author | Kai Engert <kaie@kuix.de> | 2017-04-04 19:38:42 +0200 |
---|---|---|
committer | Kai Engert <kaie@kuix.de> | 2017-04-04 19:38:42 +0200 |
commit | bea00520db3c081f9107e6047bb4ef527dc47fae (patch) | |
tree | de8a83c402bf716dd22c8d6c0c29abdf2bd011af /lib | |
parent | 25cc146c0247096b1b4e515803002a3e5412e5fc (diff) | |
download | nss-hg-bea00520db3c081f9107e6047bb4ef527dc47fae.tar.gz |
Bug 1349705, add domain name constraints for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" to NSS function CERT_GetImposedNameConstraints, r=keeler
(CERT_GetImposedNameConstraints is used by both NSS and Firefox/PSM certificate verification code.)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/certdb/genname.c | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c index b8f665484..644913cee 100644 --- a/lib/certdb/genname.c +++ b/lib/certdb/genname.c @@ -1588,10 +1588,10 @@ done: STRING_TO_SECITEM(CA##_NAME_CONSTRAINTS) \ } -/* Agence Nationale de la Securite des Systemes d'Information (ANSSI) */ - /* clang-format off */ +/* Agence Nationale de la Securite des Systemes d'Information (ANSSI) */ + #define ANSSI_SUBJECT_DN \ "\x30\x81\x85" \ "\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR" /* C */ \ @@ -1619,10 +1619,39 @@ done: "\x30\x05\x82\x03" ".nc" \ "\x30\x05\x82\x03" ".tf" +/* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 */ + +#define TUBITAK1_SUBJECT_DN \ + "\x30\x81\xd2" \ + "\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" \ + /* C */ "TR" \ + "\x31\x18\x30\x16\x06\x03\x55\x04\x07\x13\x0f" \ + /* L */ "Gebze - Kocaeli" \ + "\x31\x42\x30\x40\x06\x03\x55\x04\x0a\x13\x39" \ + /* O */ "Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK" \ + "\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24" \ + /* OU */ "Kamu Sertifikasyon Merkezi - Kamu SM" \ + "\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d" \ + /* CN */ "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" + +#define TUBITAK1_NAME_CONSTRAINTS \ + "\x30\x65\xa0\x63" \ + "\x30\x09\x82\x07" ".gov.tr" \ + "\x30\x09\x82\x07" ".k12.tr" \ + "\x30\x09\x82\x07" ".pol.tr" \ + "\x30\x09\x82\x07" ".mil.tr" \ + "\x30\x09\x82\x07" ".tsk.tr" \ + "\x30\x09\x82\x07" ".kep.tr" \ + "\x30\x09\x82\x07" ".bel.tr" \ + "\x30\x09\x82\x07" ".edu.tr" \ + "\x30\x09\x82\x07" ".org.tr" + /* clang-format on */ -static const SECItem builtInNameConstraints[][2] = { NAME_CONSTRAINTS_ENTRY( - ANSSI) }; +static const SECItem builtInNameConstraints[][2] = { + NAME_CONSTRAINTS_ENTRY(ANSSI), + NAME_CONSTRAINTS_ENTRY(TUBITAK1) +}; SECStatus CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions) |