]> git.ipfire.org Git - thirdparty/openssl.git/commit - crypto/x509/v3_purp.c
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a68a3e) | patch
X509: Add "code sign" as purpose for verification of certificates
authorLutz Jaenicke <ljaenicke@phoenixcontact.com>
Thu, 14 Oct 2021 13:24:18 +0000 (15:24 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 18 Aug 2022 08:24:53 +0000 (10:24 +0200)
commit178696d6020878361a088086243d56203e0beaa9
tree4f48ea1960042b738a6c463c9f4506156f33bf19tree | snapshot
parent1a68a3e42142a2c188f4b69c7337438c89502143commit | diff
X509: Add "code sign" as purpose for verification of certificates

Code signing certificates have other properties as for example described in
CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when
verifying signed objects.
This patch adds the purpose "codesign" to the table in X.509 certificate verification and
the verification parameter "code_sign" to X509_VERIFY_PARAM.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18567)
crypto/x509/v3_purp.c diff | blob | blame | history
crypto/x509/x509_vpm.c diff | blob | blame | history
doc/man1/openssl-verification-options.pod diff | blob | blame | history
doc/man3/X509_STORE_CTX_new.pod diff | blob | blame | history
doc/man3/X509_check_purpose.pod diff | blob | blame | history
include/openssl/x509v3.h.in diff | blob | blame | history
A mirror of the official openssl repository