diff options
author | Richard Levitte <levitte@openssl.org> | 2016-06-19 10:55:16 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-06-29 23:13:54 +0200 |
commit | 338fb1688fbfb7efe0bdd475b01791a6de5ef94b (patch) | |
tree | 0a630d586e6b9f62e6c6da840d9c1bd0b1eb24b4 /crypto/x509/x509_vfy.h | |
parent | ad64a69e02f7dda422d0f4f53dce7b1278715380 (diff) | |
download | openssl-338fb1688fbfb7efe0bdd475b01791a6de5ef94b.tar.gz |
Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.
RT#1852
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/x509/x509_vfy.h')
-rw-r--r-- | crypto/x509/x509_vfy.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index f54ecc5b41..50626826e0 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -392,6 +392,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Issuer lookup error */ # define X509_V_ERR_STORE_LOOKUP 66 +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67 + /* Certificate verify flags */ /* Send issuer+subject checks to verify_cb */ |