diff options
| author | Adam Langley <agl@google.com> | 2016-01-15 01:08:58 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2016-01-19 20:02:31 +0300 |
| commit | 3a39b06011d31357c98091687e24ab38a3e8514e (patch) | |
| tree | cebb750b93c4a69055d14aa2f9229983b522f00d /include | |
| parent | 57707c70dc137471b8850c8287839ad13a0d2a19 (diff) | |
Import “altchains” support.
This change imports the following changes from upstream:
6281abc79623419eae6a64768c478272d5d3a426
dfd3322d72a2d49f597b86dab6f37a8cf0f26dbf
f34b095fab1569d093b639bfcc9a77d6020148ff
21376d8ae310cf0455ca2b73c8e9f77cafeb28dd
25efcb44ac88ab34f60047e16a96c9462fad39c1
56353962e7da7e385c3d577581ccc3015ed6d1dc
39c76ceb2d3e51eaff95e04d6e4448f685718f8d
a3d74afcae435c549de8dbaa219fcb30491c1bfb
These contain the “altchains” functionality which allows OpenSSL to
backtrack when chain building.
Change-Id: I8d4bc2ac67b90091f9d46e7355cae878b4ccf37d
Reviewed-on: https://boringssl-review.googlesource.com/6905
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/x509_vfy.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index b39ef49c..bd7ded76 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -412,6 +412,11 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Allow partial chains if at least one certificate is in trusted store */ #define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. */ +#define X509_V_FLAG_NO_ALT_CHAINS 0x100000 + #define X509_VP_FLAG_DEFAULT 0x1 #define X509_VP_FLAG_OVERWRITE 0x2 #define X509_VP_FLAG_RESET_FLAGS 0x4 |