Make it possible for external code to flag a certificate as a proxy one.

This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>

1 files changed, 8 insertions, 3 deletions

diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod
index 2509b65ca0..473ef28b6d 100644
--- a/doc/crypto/X509_get_extension_flags.pod
+++ b/doc/crypto/X509_get_extension_flags.pod
@@ -4,8 +4,8 @@
 
 X509_get0_subject_key_id,
 X509_get_pathlen,
-X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
-retrieve certificate extension data
+X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage,
+X509_set_proxy_flag - retrieve certificate extension data
 
 =head1 SYNOPSIS
 
@@ -16,6 +16,7 @@ retrieve certificate extension data
    uint32_t X509_get_key_usage(X509 *x);
    uint32_t X509_get_extended_key_usage(X509 *x);
    const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+   void X509_set_proxy_flag(X509 *x);
 
 =head1 DESCRIPTION
 
@@ -102,6 +103,10 @@ X509_get_extended_key_usage() return an internal pointer to the subject key
 identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
 is not present or cannot be parsed.
 
+X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
+This is for the users who need to mark non-RFC3820 proxy certificates as
+such, as OpenSSL only detects RFC3820 compliant ones.
+
 =head1 NOTES
 
 The value of the flags correspond to extension values which are cached
@@ -139,7 +144,7 @@ L<X509_check_purpose(3)>
 
 =head1 HISTORY
 
-X509_get_pathlen() was added in OpenSSL 1.1.0.
+X509_get_pathlen() and X509_set_proxy_flag() were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT