author | Tim Kosse <tim.kosse@filezilla-project.org> | 2015-12-20 15:09:24 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-30 14:06:38 +0200 |
commit | 1eb8b3dcc6c790db88889d67dc23f65aa75341d2 (patch) | |
tree | 5a108b157db9ab79a25c6a23f94dd80d07fbb64d /lib/includes | |
parent | 5d51fe80c6250c60adbf0b83f5e3cf40088973f7 (diff) | |
download | gnutls-1eb8b3dcc6c790db88889d67dc23f65aa75341d2.tar.gz |
Account the TLSFeature certificate extension in certificate verification
That is, account for the OCSP Must-Staple extension. If we have sent an OCSP
status request and have not received a response, but the certificate has the
Status Request TLSFeature extension present, fail to verify the certificate.
Diffstat (limited to 'lib/includes')
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0f35358d40..65e15fc5c0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -530,6 +530,7 @@ const char
  * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
  * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
  * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
+ * @GNUTLS_CERT_MISSING_OCSP_STATUS: The certificate requires the server to send the certifiate status, but no status was received.
  *
  * Enumeration of certificate status codes. Note that the status
  * bits may have different meanings in OpenPGP keys and X.509
@@ -549,7 +550,8 @@ typedef enum {
  GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
  GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
  GNUTLS_CERT_MISMATCH = 1 << 17,
- GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18
+ GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18,
+ GNUTLS_CERT_MISSING_OCSP_STATUS = 1 << 19
 } gnutls_certificate_status_t;
 
 /** |
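Review bot: The added doc line for `GNUTLS_CERT_MISSING_OCSP_STATUS` misspells "certificate" as `certifiate`, and it omits the precondition given in the commit description: the check applies only when the client itself sent an OCSP status request. As described, an application that never sends the status request would presumably not get this bit even for a certificate carrying the TLSFeature extension, which is worth stating in the header so callers do not assume must-staple is always enforced. Suggested wording: ` * @GNUTLS_CERT_MISSING_OCSP_STATUS: The certificate requires the server to send the certificate status (TLSFeature status request), but no status was received in reply to our status request.` The comment block starts and ends outside the hunk.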
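Review bot: The enum documentation does not say whether `GNUTLS_CERT_MISSING_OCSP_STATUS` is reported together with `GNUTLS_CERT_INVALID`, and the code that sets the new bit is not visible here (the diffstat is limited to lib/includes). A caller that tests only `status & GNUTLS_CERT_INVALID`, or that masks against a fixed list of older bits, would accept a must-staple certificate that arrived without a staple if the new bit is set on its own. Either set both bits in the verification path, or state in the doc comment that any non-zero status must be treated as a verification failure. The enum starts outside the hunk.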