diff options
Diffstat (limited to 'src/include/openssl/x509v3.h')
-rw-r--r-- | src/include/openssl/x509v3.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h index d2d39f8e..b5db7157 100644 --- a/src/include/openssl/x509v3.h +++ b/src/include/openssl/x509v3.h @@ -703,8 +703,8 @@ OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); /* Flags for X509_check_* functions */ -/* Always check subject name for host match even if subject alt names present */ -#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Deprecated: this flag does nothing */ +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0 /* Disable wildcard matching for dnsName fields and common name. */ #define X509_CHECK_FLAG_NO_WILDCARDS 0x2 /* Wildcards must not match a partial label. */ @@ -713,6 +713,8 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 /* Constraint verifier subdomain patterns to match a single labels. */ #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Skip the subject common name fallback if subjectAltNames is missing. */ +#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 /* * Match reference identifiers starting with "." to any sub-domain. * This is a non-public flag, turned on implicitly when the subject |