*BIG* verify code reorganisation.

The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
author: Dr. Stephen Henson <steve@openssl.org> 2000-09-05 17:53:58 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-09-05 17:53:58 +0000
commit: 2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch)
tree: 30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/x509v3/x509v3.h
parent: 29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 5f00ed5f7a..0453b12d63 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -532,6 +532,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 
 int X509_check_purpose(X509 *x, int id, int ca);
+int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
author	Dr. Stephen Henson <steve@openssl.org>	2000-09-05 17:53:58 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-09-05 17:53:58 +0000
commit	2f043896d14f5b1ced08bcc8bec3e38e7a18d96f (patch)
tree	30c91e35a2b02dadc58fc56355894b4345142e51 /crypto/x509v3/x509v3.h
parent	29eb7d9ce0488690cca532d0ecb4075b5ca59209 (diff)