Commit 08327bfb authored by Richard Levitte

Allow proxy certs to be present when verifying a chain



Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6ad8c482)
parent f7c95287
+2 −0
@@ -2241,6 +2241,8 @@ int args_verify(char ***pargs, int *pargc,
        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
    else if (!strcmp(arg, "-no_alt_chains"))
        flags |= X509_V_FLAG_NO_ALT_CHAINS;
    else if (!strcmp(arg, "-allow_proxy_certs"))
        flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
    else
        return 0;
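Review bot: the new `-allow_proxy_certs` branch in args_verify() is documented only on the B<openssl> B<verify> page in this commit, yet args_verify() is a generic option parser taking `pargs`/`pargc`. If other commands route their verification options through it, they will accept the option and set X509_V_FLAG_ALLOW_PROXY_CERTS without any mention in their own documentation. Either document the option on those pages as well or state in the commit message that only verify is meant to expose it.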

+5 −0
@@ -23,6 +23,7 @@ B<openssl> B<verify>
[B<-use_deltas>]
[B<-policy_print>]
[B<-no_alt_chains>]
[B<-allow_proxy_certs>]
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
@@ -117,6 +118,10 @@ be found that is trusted. With this option that behaviour is suppressed so that
only the first chain found is ever used. Using this option will force the
behaviour to match that of previous OpenSSL versions.

=item B<-allow_proxy_certs>

Allow the verification of proxy certificates.

=item B<-policy_print>

Print out diagnostics related to policy processing.
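Review bot: the `=item B<-allow_proxy_certs>` description, "Allow the verification of proxy certificates.", does not state the default behaviour or what enabling the option changes. Suggest spelling out the default explicitly (the commit title implies that a chain containing proxy certificates does not verify without it) and adding a sentence on when the option is appropriate, since it widens the set of chains that verify successfully.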