diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index fff099474e..0820a2a5d3 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -528,6 +528,11 @@ static int check_ca(const X509 *x) } } +void X509_set_proxy_flag(X509 *x) +{ + x->ex_flags |= EXFLAG_PROXY; +} + int X509_check_ca(X509 *x) { if (!(x->ex_flags & EXFLAG_SET)) { diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod index 2509b65ca0..473ef28b6d 100644 --- a/doc/crypto/X509_get_extension_flags.pod +++ b/doc/crypto/X509_get_extension_flags.pod @@ -4,8 +4,8 @@ X509_get0_subject_key_id, X509_get_pathlen, -X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage - -retrieve certificate extension data +X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, +X509_set_proxy_flag - retrieve certificate extension data =head1 SYNOPSIS @@ -16,6 +16,7 @@ retrieve certificate extension data uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); + void X509_set_proxy_flag(X509 *x); =head1 DESCRIPTION @@ -102,6 +103,10 @@ X509_get_extended_key_usage() return an internal pointer to the subject key identifier of B as an B or B if the extension is not present or cannot be parsed. +X509_set_proxy_flag() marks the certificate with the B flag. +This is for the users who need to mark non-RFC3820 proxy certificates as +such, as OpenSSL only detects RFC3820 compliant ones. + =head1 NOTES The value of the flags correspond to extension values which are cached @@ -139,7 +144,7 @@ L =head1 HISTORY -X509_get_pathlen() was added in OpenSSL 1.1.0. +X509_get_pathlen() and X509_set_proxy_flag() were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 89be5f9c14..b37f52bcab 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -649,6 +649,7 @@ int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +void X509_set_proxy_flag(X509 *x); uint32_t X509_get_extension_flags(X509 *x); uint32_t X509_get_key_usage(X509 *x);