aboutsummaryrefslogtreecommitdiff
path: root/openssl/trunk/crypto/x509
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/trunk/crypto/x509')
-rw-r--r--openssl/trunk/crypto/x509/x509.h2
-rw-r--r--openssl/trunk/crypto/x509/x509_vfy.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/openssl/trunk/crypto/x509/x509.h b/openssl/trunk/crypto/x509/x509.h
index 16d7bbf5..efbc95f5 100644
--- a/openssl/trunk/crypto/x509/x509.h
+++ b/openssl/trunk/crypto/x509/x509.h
@@ -288,8 +288,10 @@ struct x509_st
ASN1_OCTET_STRING *skid;
struct AUTHORITY_KEYID_st *akid;
X509_POLICY_CACHE *policy_cache;
+#ifdef OPENSSL_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
+#endif
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
diff --git a/openssl/trunk/crypto/x509/x509_vfy.c b/openssl/trunk/crypto/x509/x509_vfy.c
index ecee8164..00981706 100644
--- a/openssl/trunk/crypto/x509/x509_vfy.c
+++ b/openssl/trunk/crypto/x509/x509_vfy.c
@@ -312,11 +312,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok=internal_verify(ctx);
if(!ok) goto end;
+#ifdef OPENSSL_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok) goto end;
ok = v3_addr_validate_path(ctx);
if (!ok) goto end;
+#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-11 07:39:06 +0000