Skip to content

CN constraints fix#10223

Open
rlm2002 wants to merge 2 commits intowolfSSL:masterfrom
rlm2002:zd21611
Open

CN constraints fix#10223
rlm2002 wants to merge 2 commits intowolfSSL:masterfrom
rlm2002:zd21611

Conversation

@rlm2002
Copy link
Copy Markdown
Contributor

@rlm2002 rlm2002 commented Apr 14, 2026
edited
Loading

Description

Applies DNS name constraints to Subject CN when SAN is unavailable.

Fixes zd#21611

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@rlm2002 rlm2002 self-assigned this Apr 14, 2026
@rlm2002 rlm2002 marked this pull request as ready for review April 14, 2026 19:12
@rlm2002 rlm2002 changed the title CN constraints and Signature length check CN constraints fix Apr 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 15, 2026
edited
Loading

MemBrowse Memory Report

gcc-arm-cortex-m4-tls12

@rlm2002
Copy link
Copy Markdown
Contributor Author

rlm2002 commented Apr 15, 2026
edited
Loading

retest this please Jenkins: history deleted

@rlm2002
Copy link
Copy Markdown
Contributor Author

rlm2002 commented Apr 16, 2026

Retest this please Jenkins. generic-config-parser failed

@rlm2002 rlm2002 assigned wolfSSL-Bot and rlm2002 and unassigned rlm2002 and wolfSSL-Bot Apr 16, 2026
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10223

Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-consttime, wolfcrypt-defaults, wolfcrypt-mutation, wolfcrypt-portability, wolfcrypt-proptest, wolfcrypt-src, wolfcrypt-zeroize

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread wolfcrypt/src/asn.c
SparkiDev
SparkiDev previously approved these changes Apr 17, 2026
View reviewed changes
@rlm2002
test DNS name constraints on CA are applied against Subject CN name w…
797ba3f 
…hen SAN name is unavailable

test correct CN with no SAN available is accepted
@rlm2002 rlm2002 removed their assignment Apr 17, 2026
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10223

Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-consttime, wolfcrypt-defaults, wolfcrypt-mutation, wolfcrypt-portability, wolfcrypt-proptest, wolfcrypt-src, wolfcrypt-zeroize

No new issues found in the changed files. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@SparkiDev SparkiDev SparkiDev left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rlm2002 @SparkiDev @wolfSSL-Fenrir-bot @wolfSSL-Bot