X509: Add "code sign" as purpose for verification of certificates

Code signing certificates have other properties as for example described in CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when verifying signed objects. This patch adds the purpose "codesign" to the table in X.509 certificate verification and the verification parameter "code_sign" to X509_VERIFY_PARAM. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
author: Lutz Jaenicke <ljaenicke@phoenixcontact.com> 2021-10-14 15:24:18 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-08-18 10:24:53 +0200
commit: 178696d6020878361a088086243d56203e0beaa9 (patch)
tree: 4f48ea1960042b738a6c463c9f4506156f33bf19 /include/openssl/x509v3.h.in
parent: 1a68a3e42142a2c188f4b69c7337438c89502143 (diff)
download: openssl-new-178696d6020878361a088086243d56203e0beaa9.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
index 7d7e4718b6..80c69960b0 100644
--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@@ -478,9 +478,10 @@ typedef struct x509_purpose_st {
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
+# define X509_PURPOSE_CODE_SIGN         10
 
 # define X509_PURPOSE_MIN                1
-# define X509_PURPOSE_MAX                9
+# define X509_PURPOSE_MAX               10
 
 /* Flags for X509V3_EXT_print() */
author	Lutz Jaenicke <ljaenicke@phoenixcontact.com>	2021-10-14 15:24:18 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-08-18 10:24:53 +0200
commit	178696d6020878361a088086243d56203e0beaa9 (patch)
tree	4f48ea1960042b738a6c463c9f4506156f33bf19 /include/openssl/x509v3.h.in
parent	1a68a3e42142a2c188f4b69c7337438c89502143 (diff)
download	openssl-new-178696d6020878361a088086243d56203e0beaa9.tar.gz