From d3ea9013dad42cd8c8569e9a061e851b2f3b757e Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 26 Oct 2020 11:48:39 +0000
Subject: Add a -legacy_verify flag to force use of the old validator for
 debugging and testing purposes.

ok beck inoguchi jsing
---
 src/usr.bin/openssl/apps.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/usr.bin/openssl/apps.c')

diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index e1dcd48b37..2c228aad59 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.c,v 1.56 2020/10/14 07:20:09 tb Exp $ */
+/* $OpenBSD: apps.c,v 1.57 2020/10/26 11:48:39 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -1916,6 +1916,8 @@ args_verify(char ***pargs, int *pargc, int *badarg, BIO *err,
 		flags |= X509_V_FLAG_POLICY_CHECK;
 	else if (!strcmp(arg, "-explicit_policy"))
 		flags |= X509_V_FLAG_EXPLICIT_POLICY;
+	else if (!strcmp(arg, "-legacy_verify"))
+		flags |= X509_V_FLAG_LEGACY_VERIFY;
 	else if (!strcmp(arg, "-inhibit_any"))
 		flags |= X509_V_FLAG_INHIBIT_ANY;
 	else if (!strcmp(arg, "-inhibit_map"))
-- 
cgit v1.2.3-55-g6feb