Check chain extensions also for trusted certificates

This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-28 03:01:45 -0500
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-01-31 21:23:23 -0500
commit: 0daccd4dc1f1ac62181738a91714f35472e50f3c (patch)
tree: 5b7c2b6c5db0c2caf223ea978db03559b5eb90f8 /include
parent: 1b4cf96f9b82ec3b06e7902bb21620a09cadd94e (diff)
download: openssl-0daccd4dc1f1ac62181738a91714f35472e50f3c.zip
openssl-0daccd4dc1f1ac62181738a91714f35472e50f3c.tar.gz
openssl-0daccd4dc1f1ac62181738a91714f35472e50f3c.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 31f784d..3a1c5e2 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -183,7 +183,7 @@ DEFINE_STACK_OF(X509_TRUST)
 
 /* standard trust ids */
 
-# define X509_TRUST_DEFAULT      -1/* Only valid in purpose settings */
+# define X509_TRUST_DEFAULT      0 /* Only valid in purpose settings */
 
 # define X509_TRUST_COMPAT       1
 # define X509_TRUST_SSL_CLIENT   2
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-28 03:01:45 -0500
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-01-31 21:23:23 -0500
commit	0daccd4dc1f1ac62181738a91714f35472e50f3c (patch)
tree	5b7c2b6c5db0c2caf223ea978db03559b5eb90f8 /include
parent	1b4cf96f9b82ec3b06e7902bb21620a09cadd94e (diff)
download	openssl-0daccd4dc1f1ac62181738a91714f35472e50f3c.zip openssl-0daccd4dc1f1ac62181738a91714f35472e50f3c.tar.gz openssl-0daccd4dc1f1ac62181738a91714f35472e50f3c.tar.bz2