char *method_data; /* method data */
X509_STORE *store_ctx; /* who owns us */
- };
+ } /* X509_LOOKUP */;
/* This is a used when verifying cert chains. Since the
* gathering of the cert chain can take some time (and have to be
X509_CRL *current_crl; /* current CRL */
CRYPTO_EX_DATA ex_data;
- };
+ } /* X509_STORE_CTX */;
#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d))
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
+#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */
#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */
+#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name);
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, STACK_OF(X509) *chain);
void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);