1 files changed, 18 insertions, 5 deletions

diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h
index d5784f427..aa910f665 100644
--- a/src/lib/cert/x509/x509cert.h
+++ b/src/lib/cert/x509/x509cert.h
@@ -14,6 +14,7 @@
 #include <botan/asn1_alt_name.h>
 #include <botan/datastor.h>
 #include <botan/key_constraint.h>
+#include <botan/name_constraint.h>
 #include <map>
 
 namespace Botan {
@@ -64,9 +65,9 @@ class BOTAN_DLL X509_Certificate final : public X509_Object
       * "X509.Certificate.start", "X509.Certificate.end",
       * "X509.Certificate.v2.key_id", "X509.Certificate.public_key",
       * "X509v3.BasicConstraints.path_constraint",
-      * "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
-      * "X509v3.CertificatePolicies", "X509v3.SubjectKeyIdentifier" or
-      * "X509.Certificate.serial".
+      * "X509v3.BasicConstraints.is_ca", "X509v3.NameConstraints",
+      * "X509v3.ExtendedKeyUsage", "X509v3.CertificatePolicies",
+      * "X509v3.SubjectKeyIdentifier" or "X509.Certificate.serial".
       * @return value(s) of the specified parameter
       */
       std::vector<std::string> subject_info(const std::string& name) const;
@@ -156,6 +157,12 @@ class BOTAN_DLL X509_Certificate final : public X509_Object
       u32bit path_limit() const;
 
       /**
+      * Check whenever a given X509 Extension is marked critical in this
+      * certificate.
+      */
+      bool is_critical(const std::string& ex_name) const;
+
+      /**
       * Get the key constraints as defined in the KeyUsage extension of this
       * certificate.
       * @return key constraints
@@ -164,13 +171,19 @@ class BOTAN_DLL X509_Certificate final : public X509_Object
 
       /**
       * Get the key constraints as defined in the ExtendedKeyUsage
-      * extension of this
-      * certificate.
+      * extension of this certificate.
       * @return key constraints
       */
       std::vector<std::string> ex_constraints() const;
 
       /**
+      * Get the name constraints as defined in the NameConstraints
+      * extension of this certificate.
+      * @return name constraints
+      */
+      NameConstraints name_constraints() const;
+
+      /**
       * Get the policies as defined in the CertificatePolicies extension
       * of this certificate.
       * @return certificate policies