diff options
| author | Richard Levitte <levitte@openssl.org> | 2004-11-29 11:28:08 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2004-11-29 11:28:08 +0000 |
| commit | 30b415b0765b465e71262d051b7b16b604a855be (patch) | |
| tree | ea4d4e61013d94f9bcd05ee521efc71e67eda6b3 /crypto/x509/x509_txt.c | |
| parent | 914c2a28c05797dc44fb3f498e6e12e5bc0db2b3 (diff) | |
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct. As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
given)
Diffstat (limited to 'crypto/x509/x509_txt.c')
| -rw-r--r-- | crypto/x509/x509_txt.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index ddc3b9b355..57ff33dc19 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -122,6 +122,8 @@ const char *X509_verify_cert_error_string(long n) return("certificate revoked"); case X509_V_ERR_INVALID_CA: return ("invalid CA certificate"); + case X509_V_ERR_INVALID_NON_CA: + return ("invalid non-CA certificate (has CA markings)"); case X509_V_ERR_PATH_LENGTH_EXCEEDED: return ("path length constraint exceeded"); case X509_V_ERR_INVALID_PURPOSE: |