Add hooks for RFC 3779 path validation.

svn path=/openssl/trunk/crypto/x509/x509_vfy.c; revision=134
author: Rob Austein <sra@hactrn.net> 2006-08-01 23:48:33 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-01 23:48:33 +0000
commit: 6bc79007a136e5bbb68f7d8e9616f99bdea30278 (patch)
tree: 292f4773e96099a6a8ebebad80b8fa1aa772c531 /openssl/trunk/crypto
parent: 6746b2f7e6bfa2c5ef37cc21d772fdedd2bed38e (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/openssl/trunk/crypto/x509/x509_vfy.c b/openssl/trunk/crypto/x509/x509_vfy.c
index 79dae3d3..47b15455 100644
--- a/openssl/trunk/crypto/x509/x509_vfy.c
+++ b/openssl/trunk/crypto/x509/x509_vfy.c
@@ -289,6 +289,15 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
 	if (!ok) goto end;
 
+	/* Check RFC 3779 path validation */
+	ok = v3_asid_validate_path(ctx);
+
+	if (!ok) goto end;
+
+	ok = v3_addr_validate_path(ctx);
+
+	if (!ok) goto end;
+
 	/* The chain extensions are OK: check trust */
 
 	if (param->trust > 0) ok = check_trust(ctx);
author	Rob Austein <sra@hactrn.net>	2006-08-01 23:48:33 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-01 23:48:33 +0000
commit	6bc79007a136e5bbb68f7d8e9616f99bdea30278 (patch)
tree	292f4773e96099a6a8ebebad80b8fa1aa772c531 /openssl/trunk/crypto
parent	6746b2f7e6bfa2c5ef37cc21d772fdedd2bed38e (diff)