aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/x509/x509_vfy.h
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/x509/x509_vfy.h')
-rw-r--r--openssl/crypto/x509/x509_vfy.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/openssl/crypto/x509/x509_vfy.h b/openssl/crypto/x509/x509_vfy.h
index 1f8c0eccb..aacdf55aa 100644
--- a/openssl/crypto/x509/x509_vfy.h
+++ b/openssl/crypto/x509/x509_vfy.h
@@ -405,6 +405,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */
# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
+ * this flag will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
# define X509_VP_FLAG_DEFAULT 0x1
# define X509_VP_FLAG_OVERWRITE 0x2