From 0daccd4dc1f1ac62181738a91714f35472e50f3c Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu, 28 Jan 2016 03:01:45 -0500
Subject: Check chain extensions also for trusted certificates

This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).

Added tests and updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
---
 include/openssl/x509.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 31f784d..3a1c5e2 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -183,7 +183,7 @@ DEFINE_STACK_OF(X509_TRUST)
 
 /* standard trust ids */
 
-# define X509_TRUST_DEFAULT      -1/* Only valid in purpose settings */
+# define X509_TRUST_DEFAULT      0 /* Only valid in purpose settings */
 
 # define X509_TRUST_COMPAT       1
 # define X509_TRUST_SSL_CLIENT   2
-- 
cgit v1.1