From: Richard Levitte Date: Sun, 19 Jun 2016 08:55:43 +0000 (+0200) Subject: Allow proxy certs to be present when verifying a chain X-Git-Tag: OpenSSL_1_0_2i~122 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6ad8c48291622a6ccc51489b9a230c9a05ca5614;p=oweals%2Fopenssl.git Allow proxy certs to be present when verifying a chain Reviewed-by: Rich Salz --- diff --git a/apps/apps.c b/apps/apps.c index b1dd97038f..0385490306 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_PARTIAL_CHAIN; else if (!strcmp(arg, "-no_alt_chains")) flags |= X509_V_FLAG_NO_ALT_CHAINS; + else if (!strcmp(arg, "-allow_proxy_certs")) + flags |= X509_V_FLAG_ALLOW_PROXY_CERTS; else return 0; diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index bffa6c0ec4..b3767325ae 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -27,6 +27,7 @@ B B [B<-use_deltas>] [B<-policy_print>] [B<-no_alt_chains>] +[B<-allow_proxy_certs>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -139,6 +140,10 @@ be found that is trusted. With this option that behaviour is suppressed so that only the first chain found is ever used. Using this option will force the behaviour to match that of previous OpenSSL versions. +=item B<-allow_proxy_certs> + +Allow the verification of proxy certificates. + =item B<-trusted file> A file of additional trusted certificates. The file should contain multiple