diff options
author | Richard Levitte <levitte@openssl.org> | 2016-06-19 10:55:16 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-06-20 21:34:37 +0200 |
commit | c8223538cb05e5aac6418a5ba6dc4775b7ab486b (patch) | |
tree | 470e805fe8d9dc9da5fbfca69ee103c86a0dec8a /crypto/x509/x509_txt.c | |
parent | 54f24e3ed411b19a3647a0aa114b0ea20421bbe7 (diff) | |
download | openssl-c8223538cb05e5aac6418a5ba6dc4775b7ab486b.tar.gz |
Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.
RT#1852
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto/x509/x509_txt.c')
-rw-r--r-- | crypto/x509/x509_txt.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index ae54de1c31..66e5fcd02f 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -167,6 +167,8 @@ const char *X509_verify_cert_error_string(long n) return ("Issuer certificate lookup error"); case X509_V_ERR_NO_VALID_SCTS: return ("Certificate Transparency required, but no valid SCTs found"); + case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: + return ("proxy subject name violation"); default: /* Printing an error number into a static buffer is not thread-safe */ |