Skip to content
Commit 33cc5dde authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Compat self-signed trust with reject-only aux data



When auxiliary data contains only reject entries, continue to trust
self-signed objects just as when no auxiliary data is present.

This makes it possible to reject specific uses without changing
what's accepted (and thus overring the underlying EKU).

Added new supported certs and doubled test count from 38 to 76.

Reviewed-by: default avatarDr. Stephen Henson <steve@openssl.org>
parent 0daccd4d
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment