Check that the subject name in a proxy cert complies to RFC 3820

The subject name MUST be the same as the issuer name, with a single CN entry added. RT#1852 Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2016-06-19 10:55:16 +0200
committer: Richard Levitte <levitte@openssl.org> 2016-06-29 23:13:54 +0200
commit: 338fb1688fbfb7efe0bdd475b01791a6de5ef94b (patch)
tree: 0a630d586e6b9f62e6c6da840d9c1bd0b1eb24b4 /crypto/x509/x509_vfy.h
parent: ad64a69e02f7dda422d0f4f53dce7b1278715380 (diff)
download: openssl-338fb1688fbfb7efe0bdd475b01791a6de5ef94b.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index f54ecc5b41..50626826e0 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -392,6 +392,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Issuer lookup error */
 # define         X509_V_ERR_STORE_LOOKUP                         66
 
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         67
+
 /* Certificate verify flags */
 
 /* Send issuer+subject checks to verify_cb */
author	Richard Levitte <levitte@openssl.org>	2016-06-19 10:55:16 +0200
committer	Richard Levitte <levitte@openssl.org>	2016-06-29 23:13:54 +0200
commit	338fb1688fbfb7efe0bdd475b01791a6de5ef94b (patch)
tree	0a630d586e6b9f62e6c6da840d9c1bd0b1eb24b4 /crypto/x509/x509_vfy.h
parent	ad64a69e02f7dda422d0f4f53dce7b1278715380 (diff)
download	openssl-338fb1688fbfb7efe0bdd475b01791a6de5ef94b.tar.gz