mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-17 05:53:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make it possible for external code to flag a certificate as a proxy one.

Browse Source 
This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Richard Levitte 2016-07-22 16:45:33 +02:00
parent 8b9546c708
commit 9961cb7768
3 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/x509v3/v3_purp.c
View File

@ -528,6 +528,11 @@ static int check_ca(const X509 *x)
}
}
void X509_set_proxy_flag(X509 *x)
{
x->ex_flags |= EXFLAG_PROXY;
}
int X509_check_ca(X509 *x)
{
if (!(x->ex_flags & EXFLAG_SET)) {

11
doc/crypto/X509_get_extension_flags.pod
View File

@ -4,8 +4,8 @@
X509_get0_subject_key_id,
X509_get_pathlen,
X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
retrieve certificate extension data
X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage,
X509_set_proxy_flag - retrieve certificate extension data
=head1 SYNOPSIS
@ -16,6 +16,7 @@ retrieve certificate extension data
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
void X509_set_proxy_flag(X509 *x);
=head1 DESCRIPTION
@ -102,6 +103,10 @@ X509_get_extended_key_usage() return an internal pointer to the subject key
identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
is not present or cannot be parsed.
X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
This is for the users who need to mark non-RFC3820 proxy certificates as
such, as OpenSSL only detects RFC3820 compliant ones.
=head1 NOTES
The value of the flags correspond to extension values which are cached
@ -139,7 +144,7 @@ L<X509_check_purpose(3)>
=head1 HISTORY
X509_get_pathlen() was added in OpenSSL 1.1.0.
X509_get_pathlen() and X509_set_proxy_flag() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

1
include/openssl/x509v3.h
View File

@ -649,6 +649,7 @@ int X509_supported_extension(X509_EXTENSION *ex);
int X509_PURPOSE_set(int *p, int purpose);
int X509_check_issued(X509 *issuer, X509 *subject);
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
void X509_set_proxy_flag(X509 *x);
uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);