authorDr. Stephen Henson <steve@openssl.org>2000-09-05 17:53:58 +0000
committerDr. Stephen Henson <steve@openssl.org>2000-09-05 17:53:58 +0000
commit2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch)
tree30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/x509/x509_txt.c
parent29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff)
*BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
Diffstat (limited to 'crypto/x509/x509_txt.c')
-rw-r--r--crypto/x509/x509_txt.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 209cf53191..cfb478d4bc 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -132,6 +132,15 @@ const char *X509_verify_cert_error_string(long n)
return ("certificate rejected");
case X509_V_ERR_APPLICATION_VERIFICATION:
return("application verification failure");
+ case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+ return("subject issuer mismatch");
+ case X509_V_ERR_AKID_SKID_MISMATCH:
+ return("authority and subject key identifier mismatch");
+ case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+ return("authority and issuer serial number mismatch");
+ case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+ return("key usage does not include certificate signing");
+
default:
sprintf(buf,"error number %ld",n);
return(buf);
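Review bot: The message returned for `X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH` reads as if an "authority" and an "issuer serial number" disagree, whereas the constant name suggests it is the issuer name and serial number carried in the authority key identifier that failed to match. Because this string is what operators see in verification-failure logs, wording such as `return("authority key identifier issuer/serial mismatch");` would be easier to triage. A one-line comment above the four new cases, for example `/* raised by the candidate issuer checks */`, would tie them to the tests described in the commit message. Separately, the `default:` branch in the context lines still formats into `buf` with an unbounded `sprintf`; the declaration of `buf` is outside the hunk, so its size and storage class cannot be confirmed here, but if it is a shared static buffer the returned pointer is not safe to use across threads. The body of `X509_verify_cert_error_string` starts before and continues past this hunk.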