Add trust setting support to the verify code. It now checks the

trust settings of the root CA. After a few fixes it seems to work OK. Still need to add support to SSL and S/MIME code though.
author: Dr. Stephen Henson <steve@openssl.org> 1999-11-27 19:43:10 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-11-27 19:43:10 +0000
commit: 51630a37069a0792f2d6ad6ce33e9c5cca27b69c (patch)
tree: 295ee6e11fede84a1ac1cf5404b1c3edfe2e7ba8 /crypto/x509/x509_txt.c
parent: 74ecf9e2bbff8bb85b8da313b2ea44df487ef550 (diff)
download: openssl-51630a37069a0792f2d6ad6ce33e9c5cca27b69c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index b6f61c5e57..209cf53191 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -126,6 +126,10 @@ const char *X509_verify_cert_error_string(long n)
 		return ("path length constraint exceeded");
 	case X509_V_ERR_INVALID_PURPOSE:
 		return ("unsupported certificate purpose");
+	case X509_V_ERR_CERT_UNTRUSTED:
+		return ("certificate not trusted");
+	case X509_V_ERR_CERT_REJECTED:
+		return ("certificate rejected");
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		return("application verification failure");
 	default:
author	Dr. Stephen Henson <steve@openssl.org>	1999-11-27 19:43:10 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-11-27 19:43:10 +0000
commit	51630a37069a0792f2d6ad6ce33e9c5cca27b69c (patch)
tree	295ee6e11fede84a1ac1cf5404b1c3edfe2e7ba8 /crypto/x509/x509_txt.c
parent	74ecf9e2bbff8bb85b8da313b2ea44df487ef550 (diff)
download	openssl-51630a37069a0792f2d6ad6ce33e9c5cca27b69c.tar.gz