Check that the subject name in a proxy cert complies to RFC 3820

The subject name MUST be the same as the issuer name, with a single CN entry added. RT#1852 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2016-06-19 10:55:16 +0200
committer: Richard Levitte <levitte@openssl.org> 2016-06-20 21:34:37 +0200
commit: c8223538cb05e5aac6418a5ba6dc4775b7ab486b (patch)
tree: 470e805fe8d9dc9da5fbfca69ee103c86a0dec8a /include
parent: 54f24e3ed411b19a3647a0aa114b0ea20421bbe7 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index f012265573..4e44e1daea 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -165,6 +165,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Certificate transparency */
 # define         X509_V_ERR_NO_VALID_SCTS                        71
 
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
+
 /* Certificate verify flags */
 
 # if OPENSSL_API_COMPAT < 0x10100000L
author	Richard Levitte <levitte@openssl.org>	2016-06-19 10:55:16 +0200
committer	Richard Levitte <levitte@openssl.org>	2016-06-20 21:34:37 +0200
commit	c8223538cb05e5aac6418a5ba6dc4775b7ab486b (patch)
tree	470e805fe8d9dc9da5fbfca69ee103c86a0dec8a /include
parent	54f24e3ed411b19a3647a0aa114b0ea20421bbe7 (diff)