Add subjectAltName to the list of known critical extensions
authorWerner Koch <wk@gnupg.org>
Fri, 5 Jan 2007 11:49:19 +0000 (11:49 +0000)
committerWerner Koch <wk@gnupg.org>
Fri, 5 Jan 2007 11:49:19 +0000 (11:49 +0000)
sm/ChangeLog
sm/certchain.c

index a4807bf..f249c73 100644 (file)
@@ -1,3 +1,7 @@
+2007-01-05  Werner Koch  <wk@g10code.com>
+
+       * certchain.c (unknown_criticals): Add subjectAltName.
+
 2006-12-21  Werner Koch  <wk@g10code.com>
 
        * gpgsm.c: Comment mtrace feature.
index 2745129..d4147b3 100644 (file)
@@ -137,6 +137,12 @@ unknown_criticals (ksba_cert_t cert, int listmode, FILE *fp)
 {
   static const char *known[] = {
     "2.5.29.15", /* keyUsage */
+    "2.5.29.17", /* subjectAltName
+                    Japanese DoCoMo certs mark them as critical.  PKIX
+                    only requires them as critical if subjectName is
+                    empty.  I don't know whether our code gracefully
+                    handles such empry subjectNames but that is
+                    another story. */
     "2.5.29.19", /* basic Constraints */
     "2.5.29.32", /* certificatePolicies */
     "2.5.29.37", /* extendedKeyUsage - handled by certlist.c */
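Review bot: Adding `"2.5.29.17"` to `known[]` stops unknown_criticals from flagging a critical subjectAltName, but the added comment itself says it is unverified whether certificates with an empty subject name are handled. PKIX expects a relying party to reject a certificate carrying a critical extension it does not process, so whitelisting this OID only preserves that guarantee if the subjectAltName is actually evaluated elsewhere, which this hunk does not show. I would turn the open question into a searchable marker such as `/* FIXME: verify handling of an empty subjectName with a critical subjectAltName. */`. The comment also has a typo, `empry` for `empty`. The body of unknown_criticals continues outside the hunk, so how `known[]` is consumed cannot be confirmed from here.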