Allow proxy certs to be present when verifying a chain
authorRichard Levitte <levitte@openssl.org>
Sun, 19 Jun 2016 08:55:43 +0000 (10:55 +0200)
committerRichard Levitte <levitte@openssl.org>
Wed, 29 Jun 2016 21:13:54 +0000 (23:13 +0200)
Reviewed-by: Rich Salz <rsalz@openssl.org>
apps/apps.c
doc/apps/verify.pod

index b1dd97038f7d7c1e59f44d6eece213b61ff5027b..0385490306d659e40c8a29011d1b1ebe8f7fc089 100644 (file)
@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
         flags |= X509_V_FLAG_PARTIAL_CHAIN;
     else if (!strcmp(arg, "-no_alt_chains"))
         flags |= X509_V_FLAG_NO_ALT_CHAINS;
+    else if (!strcmp(arg, "-allow_proxy_certs"))
+        flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
     else
         return 0;
 
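Review bot: The new `-allow_proxy_certs` branch loosens chain verification by setting `X509_V_FLAG_ALLOW_PROXY_CERTS`, but nothing at the branch records that this must stay opt-in. I would add a comment above the `flags |=` line, for example `/* Opt-in only: a proxy cert is issued by an end-entity cert, not by a CA (RFC 3820) */`, so a later refactor does not fold the flag into a default set. args_verify looks like a shared option parser in apps/apps.c, so presumably every command that calls it now accepts the option while only doc/apps/verify.pod describes it; that should be confirmed against the callers, which are not visible here. The function begins and ends outside this hunk.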
index bffa6c0ec403e5da0e1042651f04222ed9ce4967..b3767325ae075abbb48f84413718bca592be7b9e 100644 (file)
@@ -27,6 +27,7 @@ B<openssl> B<verify>
 [B<-use_deltas>]
 [B<-policy_print>]
 [B<-no_alt_chains>]
+[B<-allow_proxy_certs>]
 [B<-untrusted file>]
 [B<-help>]
 [B<-issuer_checks>]
@@ -139,6 +140,10 @@ be found that is trusted. With this option that behaviour is suppressed so that
 only the first chain found is ever used. Using this option will force the
 behaviour to match that of previous OpenSSL versions.
 
+=item B<-allow_proxy_certs>
+
+Allow the verification of proxy certificates.
+
 =item B<-trusted file>
 
 A file of additional trusted certificates. The file should contain multiple