Only set current certificate to valid values.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3f65e87c6d5f59ea7119fc965311ee8417f23da2..3ba9e5be68608fa523cd00527fd28b1e05fb1a46 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -784,9 +784,13 @@ struct ssl_session_st
 
 /* Flags for building certificate chains */
 /* Treat any existing certificates as untrusted CAs */
-#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
+#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED         0x1
 /* Don't include root CA in chain */
-#define SSL_BUILD_CHAIN_FLAG_NO_ROOT   0x2
+#define SSL_BUILD_CHAIN_FLAG_NO_ROOT           0x2
+/* Just check certificates already there */
+#define SSL_BUILD_CHAIN_FLAG_CHECK             0x4
+/* Ignore verification errors */
+#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR      0x8
 
 /* Flags returned by SSL_check_chain */
 /* Certificate can be used with this session */
@@ -1949,6 +1953,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CERT_SET_FIRST                     1
 #define SSL_CERT_SET_NEXT                      2
+#define SSL_CERT_SET_SERVER                    3
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -2557,9 +2562,6 @@ void SSL_trace(int write_p, int version, int content_type,
 const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
 #endif
 
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-int X509V3_EXT_add_rfc6962(void);
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.