diff options
| author | Richard Levitte <levitte@openssl.org> | 2004-11-29 11:28:08 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2004-11-29 11:28:08 +0000 |
| commit | 30b415b0765b465e71262d051b7b16b604a855be (patch) | |
| tree | ea4d4e61013d94f9bcd05ee521efc71e67eda6b3 /crypto/x509/x509_vfy.h | |
| parent | 914c2a28c05797dc44fb3f498e6e12e5bc0db2b3 (diff) | |
| download | openssl-30b415b0765b465e71262d051b7b16b604a855be.tar.gz | |
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
Diffstat (limited to 'crypto/x509/x509_vfy.h')
| -rw-r--r-- | crypto/x509/x509_vfy.h | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index e1bd21b802..5f49c2a8b7 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -322,10 +322,11 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 -#define X509_V_ERR_INVALID_EXTENSION 37 -#define X509_V_ERR_INVALID_POLICY_EXTENSION 38 -#define X509_V_ERR_NO_EXPLICIT_POLICY 39 +#define X509_V_ERR_INVALID_EXTENSION 38 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 39 +#define X509_V_ERR_NO_EXPLICIT_POLICY 40 /* The application is not happy */ |