author | Dr. Stephen Henson <steve@openssl.org> | 2001-10-21 02:09:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-10-21 02:09:15 +0000 |
commit | f1558bb4243d83781793ed758367bd71d0983a35 (patch) | |
tree | e1971f6bf6360b9cd2e1fad6ad8f77ed4b916063 /apps/verify.c | |
parent | 6ca487992bc63d45f9780c6b83eecf025830e34b (diff) |
Reject certificates with unhandled critical extensions.
Diffstat (limited to 'apps/verify.c')
-rw-r--r-- | apps/verify.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/verify.c b/apps/verify.c
index d4bf0693c8..255bf5ad28 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -146,6 +146,8 @@ int MAIN(int argc, char **argv)
 }
 else if (strcmp(*argv,"-help") == 0)
 goto end;
+ else if (strcmp(*argv,"-ignore_critical") == 0)
+ vflags |= X509_V_FLAG_IGNORE_CRITICAL;
 else if (strcmp(*argv,"-issuer_checks") == 0)
 vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
 else if (strcmp(*argv,"-crl_check") == 0)
@@ -343,6 +345,7 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
 if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
 if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
+ if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
 }
 if (!v_verbose)
 ERR_clear_error();
 |
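Review bot: The new `-ignore_critical` branch has no comment or help text saying what it turns off: with X509_V_FLAG_IGNORE_CRITICAL set, a certificate carrying a critical extension the library does not process is presumably no longer failed for it, which weakens the check the commit title describes. The diffstat shows only three inserted lines in apps/verify.c, all in these two hunks, so whatever usage message the file prints was not extended. I would add a comment above the branch such as `/* testing aid: do not fail on critical extensions the library cannot process */` and list the option in the usage output. MAIN's body starts and ends outside the hunk.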
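Review bot: In cb() the added `if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;` overrides the new error unconditionally, so, as far as the hunk shows, the callback tells the verifier to carry on past an unhandled critical extension whether or not `-ignore_critical` was given. If the callback's return value decides the command's final verdict (the caller is outside the hunk), a script that checks only the result would see such a certificate accepted, which is the opposite of the commit title. If continuing is meant only to surface further diagnostics, state that in a comment, e.g. `/* continue so later errors are still reported; not an acceptance */`, and consider leaving `ok` untouched for this error so the default stays a rejection. cb's body begins outside the hunk.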