check_chain_extensions(): Add check that CA cert includes key usage extension

[openssl.git] / crypto / x509 / x509_txt.c

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 85782a2f86588a6af13d8a12db1ad23aed297536..9cb6c8b73921ee5bddb188db3419bac04113b56b 100644 (file)
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -206,6 +206,8 @@ const char *X509_verify_cert_error_string(long n)
         return "Authority Key Identifier marked critical";
     case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL:
         return "Subject Key Identifier marked critical";
+    case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE:
+        return "CA cert does not include key usage extension";
 
     default:
         /* Printing an error number into a static buffer is not thread-safe */