Added a flag to allow signing by v1 X.509 certificates. Also added a function to allow setting the verification flags in the credentials structure.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2003-03-03 16:02:19 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2003-03-03 16:02:19 +0000
commit: 12f135e099a570991ace460a83a291a136604c71 (patch)
tree: 85c5692f7f936b22fa9718a94dfe1eed4d5e90b8 /includes
parent: 4b8dd2d4c4098cfde70a70326ae5035eb53214b3 (diff)
download: gnutls-12f135e099a570991ace460a83a291a136604c71.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index 16b4fefd27..ecc2cc6254 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -157,9 +157,13 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7, int indx,
  */
 
 typedef enum gnutls_certificate_verify_flags {
-	GNUTLS_VERIFY_DISABLE_CA_SIGN=1 /* if set a signer does not have to be
+	GNUTLS_VERIFY_DISABLE_CA_SIGN=1, /* if set a signer does not have to be
 					 * a certificate authority.
 					 */
+	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT=2 /* Allow CA certificates that have version 1.
+					      * This might be dangerous since those haven't
+					      * the basicConstraints extension.
+					      */
 } gnutls_certificate_verify_flags;
 
 int gnutls_x509_crt_check_issuer( gnutls_x509_crt cert,
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2003-03-03 16:02:19 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2003-03-03 16:02:19 +0000
commit	12f135e099a570991ace460a83a291a136604c71 (patch)
tree	85c5692f7f936b22fa9718a94dfe1eed4d5e90b8 /includes
parent	4b8dd2d4c4098cfde70a70326ae5035eb53214b3 (diff)
download	gnutls-12f135e099a570991ace460a83a291a136604c71.tar.gz