From 30b415b0765b465e71262d051b7b16b604a855be Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Mon, 29 Nov 2004 11:28:08 +0000
Subject: Make an explicit check during certificate validation to see that the CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)
---
 crypto/x509/x509_vfy.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'crypto/x509/x509_vfy.h')
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index e1bd21b802..5f49c2a8b7 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -322,10 +322,11 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
 #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
 #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
+#define X509_V_ERR_INVALID_NON_CA 37
-#define X509_V_ERR_INVALID_EXTENSION 37
-#define X509_V_ERR_INVALID_POLICY_EXTENSION 38
-#define X509_V_ERR_NO_EXPLICIT_POLICY 39
+#define X509_V_ERR_INVALID_EXTENSION 38
+#define X509_V_ERR_INVALID_POLICY_EXTENSION 39
+#define X509_V_ERR_NO_EXPLICIT_POLICY 40
 /* The application is not happy */
-- cgit v1.2.3
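Review bot: Inserting `X509_V_ERR_INVALID_NON_CA` at 37 renumbers three existing verification error codes (`X509_V_ERR_INVALID_EXTENSION`, `X509_V_ERR_INVALID_POLICY_EXTENSION`, `X509_V_ERR_NO_EXPLICIT_POLICY`) in a public header. If those values have ever shipped, an application built against the old header whose verify callback tolerates error 37 as an invalid extension would, after a library upgrade, tolerate the new non-CA failure instead. That is the very check this commit introduces. Keeping 37–39 as they were and giving the new code the next value not visibly in use, `#define X509_V_ERR_INVALID_NON_CA 40`, avoids the shift. Whether 40 is actually free cannot be confirmed from this hunk. A short comment above the list, such as `/* values are part of the ABI: append new codes, never renumber */`, would record the constraint. The table that maps these codes to error strings is outside this diff and would need to agree with whichever numbering is chosen.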