From 9d84d4ed5e13713c060c5fd538e2c15242aa9b9f Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 13 Aug 2008 16:00:11 +0000
Subject: Initial support for CRL path validation. This supports distinct
 certificate and CRL signing keys.

---
 crypto/x509/x509_vfy.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'crypto/x509/x509_vfy.h')

diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index faf641f037..a5006c2d8b 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -269,6 +269,8 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 	X509 *current_issuer;	/* cert currently being tested as valid issuer */
 	X509_CRL *current_crl;	/* current CRL */
 
+	X509_STORE_CTX *parent; /* For CRL path validation: parent context */
+
 	CRYPTO_EX_DATA ex_data;
 	} /* X509_STORE_CTX */;
 
@@ -377,6 +379,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_V_FLAG_INHIBIT_MAP			0x400
 /* Notify callback that policy is OK */
 #define X509_V_FLAG_NOTIFY_POLICY		0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+#define X509_V_FLAG_EXTENDED_CRL_SUPPORT	0x1000
 
 #define X509_VP_FLAG_DEFAULT			0x1
 #define X509_VP_FLAG_OVERWRITE			0x2
-- 
cgit v1.2.3