projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reject certificates with unhandled critical extensions.
[openssl.git] / crypto / x509v3 / x509v3.h
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 096dc56b6899d61a3854f90e357ef0c050e23d55..d1c9828f78b1d5acfb0f5a6115be22d1b45d81fa 100644 (file)
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -324,6 +324,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 #define EXFLAG_V1              0x40
 #define EXFLAG_INVALID         0x80
 #define EXFLAG_SET             0x100
+#define EXFLAG_CRITICAL                0x200
 
 #define KU_DIGITAL_SIGNATURE   0x0080
 #define KU_NON_REPUDIATION     0x0040
@@ -528,6 +529,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
 
 int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_PURPOSE_get_count(void);
Unnamed repository; edit this file 'description' to name the repository.