diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-02-09 14:17:13 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-02-10 12:34:06 -0500 |
commit | d33def662443c4b534c6b261a3b01f3960339c78 (patch) | |
tree | 4e95fd943d9df02700d60d5dbb493a6a2d4dec05 /include | |
parent | 056be06b4dfd7eaf7914febd043e9b446e1ed772 (diff) |
Deprecate the -issuer_checks debugging option
This was a developer debugging feature and was never a useful public
interface.
Added all missing X509 error codes to the verify(1) manpage, but
many still need a description beyond the associated text string.
Sorted the errors in x509_txt.c by error number.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509_vfy.h | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 2ed1e4c007..f2bd0736b9 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -284,7 +284,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_OK 0 # define X509_V_ERR_UNSPECIFIED 1 - # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 # define X509_V_ERR_UNABLE_TO_GET_CRL 3 # define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 @@ -317,7 +316,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_AKID_SKID_MISMATCH 30 # define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 # define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 - # define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 # define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 # define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 @@ -326,18 +324,17 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 # define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 # define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 - # define X509_V_ERR_INVALID_EXTENSION 41 # define X509_V_ERR_INVALID_POLICY_EXTENSION 42 # define X509_V_ERR_NO_EXPLICIT_POLICY 43 # define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 # define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 - # define X509_V_ERR_UNNESTED_RESOURCE 46 - # define X509_V_ERR_PERMITTED_VIOLATION 47 # define X509_V_ERR_EXCLUDED_VIOLATION 48 # define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 # define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 @@ -358,13 +355,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* DANE TLSA errors */ # define X509_V_ERR_DANE_NO_MATCH 65 -/* The application is not happy */ -# define X509_V_ERR_APPLICATION_VERIFICATION 50 /* Certificate verify flags */ -/* Send issuer+subject checks to verify_cb */ -# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif /* Use check time instead of current time */ # define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Lookup CRLs */ |