Allow security_level to mestastasize into the verifier

The tentacles are everywhere. This checks that all certs in a chain have keys and signature algorithms matching the requirements of the security_level configured in the verify parameters. ok beck jsing
author: tb <> 2022-06-27 14:10:22 +0000
committer: tb <> 2022-06-27 14:10:22 +0000
commit: d85e325a7025116ae28315a293f49d7170489464 (patch)
tree: 8f690d35a09cd2d9e7808f00b7617746497fcde3 /src/lib/libcrypto/x509/x509_internal.h
parent: 6220066aaad23f7ff52f0ab797cc297ec7302713 (diff)
download: openbsd-d85e325a7025116ae28315a293f49d7170489464.tar.gz
openbsd-d85e325a7025116ae28315a293f49d7170489464.tar.bz2
openbsd-d85e325a7025116ae28315a293f49d7170489464.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index c6ce5229ad..030f24c470 100644
--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.18 2022/03/14 21:15:49 tb Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.19 2022/06/27 14:10:22 tb Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -135,6 +135,7 @@ int x509_constraints_check(struct x509_constraints_names *names,
 int x509_constraints_chain(STACK_OF(X509) *chain, int *error,
    int *depth);
 void x509_verify_cert_info_populate(X509 *cert);
+int x509_vfy_check_security_level(X509_STORE_CTX *ctx);
 __END_HIDDEN_DECLS
author	tb <>	2022-06-27 14:10:22 +0000
committer	tb <>	2022-06-27 14:10:22 +0000
commit	d85e325a7025116ae28315a293f49d7170489464 (patch)
tree	8f690d35a09cd2d9e7808f00b7617746497fcde3 /src/lib/libcrypto/x509/x509_internal.h
parent	6220066aaad23f7ff52f0ab797cc297ec7302713 (diff)
download	openbsd-d85e325a7025116ae28315a293f49d7170489464.tar.gz openbsd-d85e325a7025116ae28315a293f49d7170489464.tar.bz2 openbsd-d85e325a7025116ae28315a293f49d7170489464.zip