author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 11:47:17 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-02 16:03:27 +0100 |
commit | c653a8e384f329bc9d63ef9c0995e03540a6837d (patch) | |
tree | bbe7fc7fa9e86fbc22f5e4c2e93fb135dfbd2f3d /lib/includes/gnutls/x509.h | |
parent | 6f7c7db6469adb72db27a1173218dd55aeb1e90f (diff) | |
download | gnutls-c653a8e384f329bc9d63ef9c0995e03540a6837d.tar.gz |
x509.h: introduced flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
That flag signals the verification process not to fail on unknown critical
extensions. This can be used when the critical extension checking in a chain
is handled externally.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/includes/gnutls/x509.h')
-rw-r--r-- | lib/includes/gnutls/x509.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index c47fad1c8c..1972c91140 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -902,6 +902,8 @@ int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
  * check in the verification, do not consider any wildcards.
  * @GNUTLS_VERIFY_USE_TLS1_RSA: This indicates that a (raw) RSA signature is provided
  * as in the TLS 1.0 protocol. Not all functions accept this flag.
+ * @GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: This signals the verification
+ * process, not to fail on unknown critical extensions.
  *
  * Enumeration of different certificate verify flags. Additional
  * verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS()
@@ -920,7 +922,8 @@ typedef enum gnutls_certificate_verify_flags {
  GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
  GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11,
  GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12,
- GNUTLS_VERIFY_USE_TLS1_RSA = 1 << 13
+ GNUTLS_VERIFY_USE_TLS1_RSA = 1 << 13,
+ GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS = 1 << 14
  /* cannot exceed 2^24 due to GNUTLS_PROFILE_TO_VFLAGS() */
 } gnutls_certificate_verify_flags; |
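Review bot: The doc line added for `GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS` in the first hunk leaves out the precondition the commit message gives, namely that the flag is only appropriate when critical-extension checking is handled externally. RFC 5280 section 4.2 requires a relying party to reject a certificate carrying a critical extension it does not recognize, so a caller who sets this bit without doing that check accepts chains whose critical constraints nobody evaluated. I would extend the comment to read `* process, not to fail on unknown critical extensions; set it only when the application checks critical extensions itself.` The header also does not say which verification functions honour the bit, so a sentence like the "Not all functions accept this flag" on the `GNUTLS_VERIFY_USE_TLS1_RSA` entry would help if that applies here; the same reminder could sit beside the enumerator in the second hunk. Both the doc comment and the enum body start outside the hunks shown.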