Allow proxy certs to be present when verifying a chain
author Richard Levitte <levitte@openssl.org>
Sun, 19 Jun 2016 08:55:43 +0000 (10:55 +0200)
committer Richard Levitte <levitte@openssl.org>
Wed, 29 Jun 2016 23:01:38 +0000 (01:01 +0200)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6ad8c48291622a6ccc51489b9a230c9a05ca5614)

apps/apps.c
doc/apps/verify.pod

index 8ab4833668bcf4ac270ca68ed52747fdb430ebae..ca9179e9a56a185378b59b96d4e8460b46745e36 100644 (file)
@@ -2241,6 +2241,8 @@ int args_verify(char ***pargs, int *pargc,
         flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
     else if (!strcmp(arg, "-no_alt_chains"))
         flags |= X509_V_FLAG_NO_ALT_CHAINS;
+    else if (!strcmp(arg, "-allow_proxy_certs"))
+        flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
     else
         return 0;
 
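Review bot: The new `-allow_proxy_certs` branch is added to `args_verify()` in apps/apps.c, so every command that parses its verification options through this function will accept the flag, yet the only documentation touched in this commit is doc/apps/verify.pod. Since `flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;` relaxes chain verification, the other man pages that list the `args_verify()` options should gain the same entry, or the commit message should state that the option is meant to be used with `verify` only.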
index 18eeee04b932eb15b1b5f51400133b86649323b4..450dd7d8099030e02995827a2d498ae243f38ee9 100644 (file)
@@ -23,6 +23,7 @@ B<openssl> B<verify>
 [B<-use_deltas>]
 [B<-policy_print>]
 [B<-no_alt_chains>]
+[B<-allow_proxy_certs>]
 [B<-untrusted file>]
 [B<-help>]
 [B<-issuer_checks>]
@@ -117,6 +118,10 @@ be found that is trusted. With this option that behaviour is suppressed so that
 only the first chain found is ever used. Using this option will force the
 behaviour to match that of previous OpenSSL versions.
 
+=item B<-allow_proxy_certs>
+
+Allow the verification of proxy certificates.
+
 =item B<-policy_print>
 
 Print out diagnostics related to policy processing.
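Review bot: The new `=item B<-allow_proxy_certs>` entry says only "Allow the verification of proxy certificates." and does not tell the reader what happens without it. Because the option loosens verification, the text should state the default behaviour (going by the commit subject, a chain containing a proxy certificate is otherwise not accepted) and say that the option should be given only when proxy certificates are expected in the chain being checked.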