From 9961cb77684aa26fe7302e691b7d16e53432a625 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Jul 2016 16:45:33 +0200 Subject: Make it possible for external code to flag a certificate as a proxy one. This adds the function X509_set_proxy_flag(), which sets the internal flag EXFLAG_PROXY on a given X509 structure. Reviewed-by: Rich Salz --- doc/crypto/X509_get_extension_flags.pod | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod index 2509b65ca0..473ef28b6d 100644 --- a/doc/crypto/X509_get_extension_flags.pod +++ b/doc/crypto/X509_get_extension_flags.pod @@ -4,8 +4,8 @@ X509_get0_subject_key_id, X509_get_pathlen, -X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage - -retrieve certificate extension data +X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, +X509_set_proxy_flag - retrieve certificate extension data =head1 SYNOPSIS @@ -16,6 +16,7 @@ retrieve certificate extension data uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); + void X509_set_proxy_flag(X509 *x); =head1 DESCRIPTION @@ -102,6 +103,10 @@ X509_get_extended_key_usage() return an internal pointer to the subject key identifier of B as an B or B if the extension is not present or cannot be parsed. +X509_set_proxy_flag() marks the certificate with the B flag. +This is for the users who need to mark non-RFC3820 proxy certificates as +such, as OpenSSL only detects RFC3820 compliant ones. + =head1 NOTES The value of the flags correspond to extension values which are cached @@ -139,7 +144,7 @@ L =head1 HISTORY -X509_get_pathlen() was added in OpenSSL 1.1.0. +X509_get_pathlen() and X509_set_proxy_flag() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -- cgit v1.2.3