Correctly handle missing DSA parameters.

[openssl.git] / crypto / x509 / x509_vfy.h

diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 66e97b7a386871ea2baa3ff591775e9613e76780..3f16330444f8fcaeb7e58e32bcb1fef74687db75 100644 (file)
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -254,7 +254,7 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        STACK_OF(X509) *chain;          /* chain of X509s - built up and trusted */
        X509_POLICY_TREE *tree; /* Valid policy tree */
 
-       int explicit;           /* Require explicit policy value */
+       int explicit_policy;    /* Require explicit policy value */
 
        /* When something goes wrong, this is why */
        int error_depth;
@@ -292,7 +292,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define                X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
 #define                X509_V_ERR_CERT_SIGNATURE_FAILURE               7
 #define                X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define                X509_V_ERR_CERT_NOT_YET_VALID                   9       
+#define                X509_V_ERR_CERT_NOT_YET_VALID                   9
 #define                X509_V_ERR_CERT_HAS_EXPIRED                     10
 #define                X509_V_ERR_CRL_NOT_YET_VALID                    11
 #define                X509_V_ERR_CRL_HAS_EXPIRED                      12
@@ -322,10 +322,14 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define                X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
 #define                X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
 #define                X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+#define                X509_V_ERR_INVALID_NON_CA                       37
+#define                X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+#define                X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+#define                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
 
-#define                X509_V_ERR_INVALID_EXTENSION                    37
-#define                X509_V_ERR_INVALID_POLICY_EXTENSION             38
-#define                X509_V_ERR_NO_EXPLICIT_POLICY                   39
+#define                X509_V_ERR_INVALID_EXTENSION                    41
+#define                X509_V_ERR_INVALID_POLICY_EXTENSION             42
+#define                X509_V_ERR_NO_EXPLICIT_POLICY                   43
 
 
 /* The application is not happy */
@@ -345,14 +349,16 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define        X509_V_FLAG_IGNORE_CRITICAL             0x10
 /* Disable workarounds for broken certificates */
 #define        X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+#define        X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
 /* Enable policy checking */
-#define X509_V_FLAG_POLICY_CHECK               0x40
+#define X509_V_FLAG_POLICY_CHECK               0x80
 /* Policy variable require-explicit-policy */
-#define X509_V_FLAG_EXPLICIT_POLICY            0x80
+#define X509_V_FLAG_EXPLICIT_POLICY            0x100
 /* Policy variable inhibit-any-policy */
-#define        X509_V_FLAG_INHIBIT_ANY                 0x100
+#define        X509_V_FLAG_INHIBIT_ANY                 0x200
 /* Policy variable inhibit-policy-mapping */
-#define X509_V_FLAG_INHIBIT_MAP                        0x200
+#define X509_V_FLAG_INHIBIT_MAP                        0x400
 /* Notify callback that policy is OK */
 #define X509_V_FLAG_NOTIFY_POLICY              0x800
 
@@ -472,6 +478,9 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                                                const X509_VERIFY_PARAM *from);
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
 int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                                       unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);