author | Simon Josefsson <simon@josefsson.org> | 2005-08-24 09:51:44 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2005-08-24 09:51:44 +0000 |
commit | a41ee31cdd1cadbebbbfb70eef3762896c979ca0 (patch) | |
tree | 246debd3bd64e95a5bfa176bcbde88c40c6c90ed /includes | |
parent | 41af93914d9fbf55feb6b3bd8e2d6a46fd42f0fc (diff) | |
download | gnutls-a41ee31cdd1cadbebbbfb70eef3762896c979ca0.tar.gz |
(gnutls_certificate_verify_flags): Doc fix.
Diffstat (limited to 'includes')
-rw-r--r-- | includes/gnutls/x509.h | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index bc49497eac..5b29e38925 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -301,24 +301,29 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
 */
 typedef enum gnutls_certificate_verify_flags {
- GNUTLS_VERIFY_DISABLE_CA_SIGN=1, /* if set a signer does not have to be
- * a certificate authority. This flag should normaly
- * be disabled, unless you know what this means.
- */
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT=2, /* Allow only trusted CA certificates that have version 1.
- * This is safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
- * and should be used instead. That way only signers in your
- * trusted list will be allowed to have certificates of version 1.
- */
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME=4,/* If a certificate is not signed by anyone
- * trusted but exists in the trusted CA list
- * do not treat it as trusted.
- */
- GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT=8 /* Allow CA certificates that have version 1 (both root
- * and intermediate). This might be dangerous since those haven't
- * the basicConstraints extension. Must be used in combination
- * with GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
- */
+ /* If set a signer does not have to be a certificate authority. This
+ * flag should normaly be disabled, unless you know what this means.
+ */
+ GNUTLS_VERIFY_DISABLE_CA_SIGN=1,
+
+ /* Allow only trusted CA certificates that have version 1. This is
+ * safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be
+ * used instead. That way only signers in your trusted list will be
+ * allowed to have certificates of version 1.
+ */
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT=2,
+
+ /* If a certificate is not signed by anyone trusted but exists in
+ * the trusted CA list do not treat it as trusted.
+ */
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME=4,
+
+ /* Allow CA certificates that have version 1 (both root and
+ * intermediate). This might be dangerous since those haven't the
+ * basicConstraints extension. Must be used in combination with
+ * GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
+ */
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT=8
 } gnutls_certificate_verify_flags;
 int gnutls_x509_crt_check_issuer( gnutls_x509_crt_t cert, |
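Review bot: The reflowed comment on `GNUTLS_VERIFY_DISABLE_CA_SIGN` still carries the typo "normaly" and the phrase "unless you know what this means", which gives a caller no basis for judging a flag that relaxes chain validation. Since the comment is being rewritten anyway, it could state the effect directly, for example `/* If set, a signer does not have to be a certificate authority. Leave this unset for normal verification: with it, a non-CA certificate is accepted as an issuer. */`. The comment on `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` opens with "Allow only trusted CA certificates that have version 1", which can be read as restricting verification to version 1 CAs; wording such as "Allow version 1 CA certificates only if they are in the trusted list" would match what its last sentence explains.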