From 32f586a877a4cac40b1ff6b0281408f5eb42237a Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 17 Aug 2006 14:44:52 +0000 Subject: Add X509_V_ERR_UNNESTED_RESOURCE to the list of errors that verify's callback will allow, so verify will report if a certificate with bad RFC 3779 resources is also revoked. svn path=/openssl/trunk/apps/verify.c; revision=171 --- openssl/trunk/apps/verify.c | 1 + 1 file changed, 1 insertion(+) (limited to 'openssl') diff --git a/openssl/trunk/apps/verify.c b/openssl/trunk/apps/verify.c index 9ff32cb0..57396563 100644 --- a/openssl/trunk/apps/verify.c +++ b/openssl/trunk/apps/verify.c @@ -355,6 +355,7 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; + if (ctx->error == X509_V_ERR_UNNESTED_RESOURCE) ok=1; if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) policies_print(NULL, ctx); -- cgit v1.2.3