=item B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT>,
+=item B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT>,
+
=item B<X509_CHECK_FLAG_NO_WILDCARDS>,
=item B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS>,
address as appropriate); the default is to ignore the subject DN
when at least one corresponding subject alternative names is present.
+The B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> flag causes the function to never
+consider the subject DN even if the certificate contains no subject alternative
+names of the right type (DNS name or email address as appropriate); the default
+is to use the subject DN when no corresponding subject alternative names are
+present.
+
If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard
expansion; this only applies to B<X509_check_host>.
=head1 SEE ALSO
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<X509_VERIFY_PARAM_set1_host(3)|X509_VERIFY_PARAM_set1_host(3)>,
-L<X509_VERIFY_PARAM_add1_host(3)|X509_VERIFY_PARAM_add1_host(3)>,
-L<X509_VERIFY_PARAM_set1_email(3)|X509_VERIFY_PARAM_set1_email(3)>,
-L<X509_VERIFY_PARAM_set1_ip(3)|X509_VERIFY_PARAM_set1_ip(3)>,
-L<X509_VERIFY_PARAM_set1_ipasc(3)|X509_VERIFY_PARAM_set1_ipasc(3)>
+L<SSL_get_verify_result(3)>,
+L<X509_VERIFY_PARAM_set1_host(3)>,
+L<X509_VERIFY_PARAM_add1_host(3)>,
+L<X509_VERIFY_PARAM_set1_email(3)>,
+L<X509_VERIFY_PARAM_set1_ip(3)>,
+L<X509_VERIFY_PARAM_set1_ipasc(3)>
=head1 HISTORY
-These functions were added in OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.0.2.
=cut