diff options
author | Matt Caswell <matt@openssl.org> | 2020-03-20 11:52:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-03-30 14:54:37 +0100 |
commit | 33328581b83e8e9f573f08f0e2e0d6b32d095857 (patch) | |
tree | 10f6643a2431c5ca74476197e274b71583bbc13f /doc/man3 | |
parent | c2146b57d296aa5b06e27cd8d76bbd040a3444b9 (diff) |
Add the X509v3_cache_extensions() function
Various functions cause the results of processing extensions to be
cached. The processing itself requires a libctx, and so this implicit
caching means that the default ctx is used which can lead to failures.
By explicitly caching the extensions we can specify the libctx to be used.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11409)
Diffstat (limited to 'doc/man3')
-rw-r--r-- | doc/man3/X509_check_ca.pod | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/man3/X509_check_ca.pod b/doc/man3/X509_check_ca.pod index 9fe01d1983..89adb2e3b6 100644 --- a/doc/man3/X509_check_ca.pod +++ b/doc/man3/X509_check_ca.pod @@ -24,6 +24,8 @@ B<keyUsage> extension with bit B<keyCertSign> set, but without B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type extension telling that it is CA certificate. +This function will also return 0 on error. + Actually, any nonzero value means that this certificate could have been used to sign other certificates. |