diff options
| author | Rob Austein <sra@hactrn.net> | 2006-08-17 14:44:52 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2006-08-17 14:44:52 +0000 |
| commit | 32f586a877a4cac40b1ff6b0281408f5eb42237a (patch) | |
| tree | e7510824901d5719feed9ee31eac023b159e2da1 /openssl | |
| parent | 7f1e6be4cf0e1c9f79367b8e4080ee0a8148ce3d (diff) | |
Add X509_V_ERR_UNNESTED_RESOURCE to the list of errors that verify's
callback will allow, so verify will report if a certificate with bad
RFC 3779 resources is also revoked.
svn path=/openssl/trunk/apps/verify.c; revision=171
Diffstat (limited to 'openssl')
| -rw-r--r-- | openssl/trunk/apps/verify.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/openssl/trunk/apps/verify.c b/openssl/trunk/apps/verify.c index 9ff32cb0..57396563 100644 --- a/openssl/trunk/apps/verify.c +++ b/openssl/trunk/apps/verify.c @@ -355,6 +355,7 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; + if (ctx->error == X509_V_ERR_UNNESTED_RESOURCE) ok=1; if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) policies_print(NULL, ctx); |