From bb377c8d6c61920d889b961bd5c862eaac8b28e4 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Tue, 25 Aug 2020 16:58:36 +0200
Subject: check_chain_extensions(): Add check that CA cert includes key usage
 extension

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
---
 include/openssl/x509_vfy.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include')

diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 53dff234ce..50ae14f240 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -232,6 +232,7 @@ X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_BCONS_NOT_CRITICAL                89
 # define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
 # define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
+# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
-- 
cgit v1.2.3