From: Richard Levitte Date: Sun, 19 Jun 2016 08:55:43 +0000 (+0200) Subject: Allow proxy certs to be present when verifying a chain X-Git-Tag: OpenSSL_1_0_1u~36 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=08327bfb261eea4a3c356d6ebff81d838f063d1b;p=oweals%2Fopenssl.git Allow proxy certs to be present when verifying a chain Reviewed-by: Rich Salz (cherry picked from commit 6ad8c48291622a6ccc51489b9a230c9a05ca5614) --- diff --git a/apps/apps.c b/apps/apps.c index 8ab4833668..ca9179e9a5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2241,6 +2241,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; else if (!strcmp(arg, "-no_alt_chains")) flags |= X509_V_FLAG_NO_ALT_CHAINS; + else if (!strcmp(arg, "-allow_proxy_certs")) + flags |= X509_V_FLAG_ALLOW_PROXY_CERTS; else return 0; diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 18eeee04b9..450dd7d809 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -23,6 +23,7 @@ B B [B<-use_deltas>] [B<-policy_print>] [B<-no_alt_chains>] +[B<-allow_proxy_certs>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -117,6 +118,10 @@ be found that is trusted. With this option that behaviour is suppressed so that only the first chain found is ever used. Using this option will force the behaviour to match that of previous OpenSSL versions. +=item B<-allow_proxy_certs> + +Allow the verification of proxy certificates. + =item B<-policy_print> Print out diagnostics related to policy processing.