diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 12:00:18 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 13:49:21 +0000 |
| commit | c5ea65b157e17743c881b9e348524b0281b3d39f (patch) | |
| tree | e951fe1c21bf34ec453b8739940f4dd6d950dae7 /ssl/ssl.h | |
| parent | 58b86e4235cd420f607819727d372af9f7a80224 (diff) | |
New chain building flags.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.
Add verify error code when building chain.
Update docs.
(cherry picked from commit 13dc3ce9ab483cade378bcf3844c92bacd817316)
Diffstat (limited to 'ssl/ssl.h')
| -rw-r--r-- | ssl/ssl.h | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -780,9 +780,13 @@ struct ssl_session_st /* Flags for building certificate chains */ /* Treat any existing certificates as untrusted CAs */ -#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 /* Don't include root CA in chain */ -#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +#define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 /* Flags returned by SSL_check_chain */ /* Certificate can be used with this session */ |