X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert

This is the backport of #13755 to v1.1.1. Fixes #13698 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13756)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-12-30 09:57:49 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-01-14 14:36:09 +0100
commit: fb1e2411042f0367c2560e4ec5e4b1189ca9cd45 (patch)
tree: 76ff10c7eecdbbddaeda44c71d0ede617c2db80c /doc
parent: 2a9785c252df6836da90da33aaeed8edb506e556 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod
index 43c9c952c6..cca72c71fc 100644
--- a/doc/man3/X509_get_extension_flags.pod
+++ b/doc/man3/X509_get_extension_flags.pod
@@ -78,12 +78,17 @@ The certificate contains an unhandled critical extension.
 
 =item B<EXFLAG_INVALID>
 
-Some certificate extension values are invalid or inconsistent. The
-certificate should be rejected.
+Some certificate extension values are invalid or inconsistent.
+The certificate should be rejected.
 This bit may also be raised after an out-of-memory error while
 processing the X509 object, so it may not be related to the processed
 ASN1 object itself.
 
+=item B<EXFLAG_NO_FINGERPRINT>
+
+Failed to compute the internal SHA1 hash value of the certificate.
+This may be due to malloc failure or because no SHA1 implementation was found.
+
 =item B<EXFLAG_INVALID_POLICY>
 
 The NID_certificate_policies certificate extension is invalid or
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-12-30 09:57:49 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-01-14 14:36:09 +0100
commit	fb1e2411042f0367c2560e4ec5e4b1189ca9cd45 (patch)
tree	76ff10c7eecdbbddaeda44c71d0ede617c2db80c /doc
parent	2a9785c252df6836da90da33aaeed8edb506e556 (diff)