diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2015-12-29 14:12:36 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-07 13:48:59 -0500 |
commit | 170b735820ac6a3857733fccf889cde9d723ddc8 (patch) | |
tree | a0d55c48d1117bd156bb9dbbba7629b221f3db91 /include | |
parent | a8eba56ef62af2f9a5b46825c994665cd3789c2e (diff) | |
download | openssl-new-170b735820ac6a3857733fccf889cde9d723ddc8.tar.gz |
DANE support for X509_verify_cert()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509.h | 2 | ||||
-rw-r--r-- | include/openssl/x509_vfy.h | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 0b00abfc2a..0f66329544 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1073,6 +1073,7 @@ void ERR_load_X509_strings(void); # define X509_F_BUILD_CHAIN 106 # define X509_F_BY_FILE_CTRL 101 # define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 # define X509_F_DIR_CTRL 102 # define X509_F_GET_CERT_BY_SUBJECT 103 # define X509_F_NETSCAPE_SPKI_B64_DECODE 129 @@ -1119,6 +1120,7 @@ void ERR_load_X509_strings(void); /* Reason codes. */ # define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 # define X509_R_BAD_X509_FILETYPE 100 # define X509_R_BASE64_DECODE_ERROR 118 # define X509_R_CANT_CHECK_DH_KEY 114 diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index c96ab6862b..7ea11ea392 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -264,6 +264,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ X509_STORE_CTX *parent; CRYPTO_EX_DATA ex_data; struct dane_st *dane; + /* signed via bare TA public key, rather than CA certificate */ + int bare_ta_signed; } /* X509_STORE_CTX */ ; void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); |