|
|
@@ -356,13 +356,28 @@ static int cb(int ok, X509_STORE_CTX *ctx)
|
|
|
case X509_V_ERR_INVALID_CA:
|
|
|
case X509_V_ERR_INVALID_NON_CA:
|
|
|
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
|
|
|
- case X509_V_ERR_INVALID_PURPOSE:
|
|
|
case X509_V_ERR_CRL_HAS_EXPIRED:
|
|
|
case X509_V_ERR_CRL_NOT_YET_VALID:
|
|
|
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
|
|
|
+ /* errors due to strict conformance checking (-x509_strict) */
|
|
|
+ case X509_V_ERR_INVALID_PURPOSE:
|
|
|
+ case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA:
|
|
|
+ case X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN:
|
|
|
+ case X509_V_ERR_CA_BCONS_NOT_CRITICAL:
|
|
|
+ case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE:
|
|
|
+ case X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA:
|
|
|
+ case X509_V_ERR_ISSUER_NAME_EMPTY:
|
|
|
+ case X509_V_ERR_SUBJECT_NAME_EMPTY:
|
|
|
+ case X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL:
|
|
|
+ case X509_V_ERR_EMPTY_SUBJECT_ALT_NAME:
|
|
|
+ case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY:
|
|
|
+ case X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL:
|
|
|
+ case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL:
|
|
|
+ case X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER:
|
|
|
+ case X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER:
|
|
|
+ case X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3:
|
|
|
ok = 1;
|
|
|
}
|
|
|
-
|
|
|
return ok;
|
|
|
|
|
|
}
|
Dr. David von Oheimb