diff options
| author | Rich Salz <rsalz@akamai.com> | 2020-08-17 15:31:42 -0400 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-27 20:03:39 +0200 |
| commit | 0495a3ec4ab463d5c08f4a4e85d0e3925e4602e7 (patch) | |
| tree | 1c3d88d88b9a4d71e98f70d1e01b5f3738086edb /include | |
| parent | fcc3a5204c6daa0f0bbc1679ce1ce82fb767190d (diff) | |
Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify()
This adds a flag, OCSP_PARTIAL_CHAIN, to the OCSP_basic_verify()
function. This is equivlent to X509_V_FLAG_PARTIAL_CHAIN, in that
if any certificate in the OCSP response is in the trust store, then
trust it.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12666)
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/ocsp.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 1c514efeee..939a90877d 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -102,6 +102,7 @@ extern "C" { # define OCSP_TRUSTOTHER 0x200 # define OCSP_RESPID_KEY 0x400 # define OCSP_NOTIME 0x800 +# define OCSP_PARTIAL_CHAIN 0x1000 typedef struct ocsp_cert_id_st OCSP_CERTID; typedef struct ocsp_one_request_st OCSP_ONEREQ; |