From d3ea9013dad42cd8c8569e9a061e851b2f3b757e Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 26 Oct 2020 11:48:39 +0000
Subject: Add a -legacy_verify flag to force use of the old validator for
 debugging and testing purposes.

ok beck inoguchi jsing
---
 src/usr.bin/openssl/verify.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/usr.bin/openssl/verify.c')

diff --git a/src/usr.bin/openssl/verify.c b/src/usr.bin/openssl/verify.c
index 3da41b917a..e4443148ce 100644
--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.8 2020/07/14 19:08:30 jsing Exp $ */
+/* $OpenBSD: verify.c,v 1.9 2020/10/26 11:48:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -192,6 +192,10 @@ static const struct option verify_shared_options[] = {
 		.name = "issuer_checks",
 		.desc = "Enable debugging of certificate issuer checks",
 	},
+	{
+		.name = "legacy_verify",
+		.desc = "Use legacy certificate chain verification",
+	},
 	{
 		.name = "policy",
 		.argname = "name",
-- 
cgit v1.2.3-55-g6feb