mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

apps/verify:c: Enable output of multiple verification errors due to -x509_strict

Browse Source 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13606)
This commit is contained in:
Dr. David von Oheimb 2020-12-03 12:00:35 +01:00
parent 06f81af8fc
commit f974b61077
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
apps/verify.c
View File

@ -356,13 +356,28 @@ static int cb(int ok, X509_STORE_CTX *ctx)
case X509_V_ERR_INVALID_CA:
case X509_V_ERR_INVALID_NON_CA:
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
case X509_V_ERR_INVALID_PURPOSE:
case X509_V_ERR_CRL_HAS_EXPIRED:
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
/* errors due to strict conformance checking (-x509_strict) */
case X509_V_ERR_INVALID_PURPOSE:
case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA:
case X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN:
case X509_V_ERR_CA_BCONS_NOT_CRITICAL:
case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE:
case X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA:
case X509_V_ERR_ISSUER_NAME_EMPTY:
case X509_V_ERR_SUBJECT_NAME_EMPTY:
case X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL:
case X509_V_ERR_EMPTY_SUBJECT_ALT_NAME:
case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY:
case X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL:
case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL:
case X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER:
case X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER:
case X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3:
ok = 1;
}
return ok;
}