diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-10-21 02:09:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-10-21 02:09:15 +0000 |
commit | f1558bb4243d83781793ed758367bd71d0983a35 (patch) | |
tree | e1971f6bf6360b9cd2e1fad6ad8f77ed4b916063 /CHANGES | |
parent | 6ca487992bc63d45f9780c6b83eecf025830e34b (diff) |
Reject certificates with unhandled critical extensions.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -12,6 +12,15 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Test for certificates which contain unsupported critical extensions. + If such a certificate is found during a verify operation it is + rejected by default: this behaviour can be overridden by either + handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or + by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function + X509_supported_extension() has also been added which returns 1 if a + particular extension is supported. + [Steve Henson] + +) New functions/macros SSL_CTX_set_msg_callback(ctx, cb) |