From f65ff03d106f4cfe162bfde4780426b7bbc2e4ee Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Tue, 7 Jul 2015 08:57:00 -0400
Subject: Update openssl: 1.0.1m -> 1.0.1o

---
 openssl/crypto/x509/x509_vfy.h | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'openssl/crypto/x509/x509_vfy.h')

diff --git a/openssl/crypto/x509/x509_vfy.h b/openssl/crypto/x509/x509_vfy.h
index 1f8c0eccb..aacdf55aa 100644
--- a/openssl/crypto/x509/x509_vfy.h
+++ b/openssl/crypto/x509/x509_vfy.h
@@ -405,6 +405,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define X509_V_FLAG_USE_DELTAS                  0x2000
 /* Check selfsigned CA signature */
 # define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
+ * this flag will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS               0x100000
 
 # define X509_VP_FLAG_DEFAULT                    0x1
 # define X509_VP_FLAG_OVERWRITE                  0x2
-- 
cgit v1.2.3