diff options
author | Lutz Jaenicke <ljaenicke@phoenixcontact.com> | 2021-10-14 15:24:18 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-08-18 10:24:53 +0200 |
commit | 178696d6020878361a088086243d56203e0beaa9 (patch) | |
tree | 4f48ea1960042b738a6c463c9f4506156f33bf19 /include | |
parent | 1a68a3e42142a2c188f4b69c7337438c89502143 (diff) |
X509: Add "code sign" as purpose for verification of certificates
Code signing certificates have other properties as for example described in
CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when
verifying signed objects.
This patch adds the purpose "codesign" to the table in X.509 certificate verification and
the verification parameter "code_sign" to X509_VERIFY_PARAM.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509v3.h.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in index 7d7e4718b6..80c69960b0 100644 --- a/include/openssl/x509v3.h.in +++ b/include/openssl/x509v3.h.in @@ -478,9 +478,10 @@ typedef struct x509_purpose_st { # define X509_PURPOSE_ANY 7 # define X509_PURPOSE_OCSP_HELPER 8 # define X509_PURPOSE_TIMESTAMP_SIGN 9 +# define X509_PURPOSE_CODE_SIGN 10 # define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +# define X509_PURPOSE_MAX 10 /* Flags for X509V3_EXT_print() */ |