[openssl-users] Fwd: basic constraints check

Sandeep Deshpande sandeep.bvb at gmail.com
Thu May 31 22:39:07 UTC 2018


1.0.2j

On Fri, Jun 1, 2018, 3:52 AM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

>
>
> > On May 31, 2018, at 6:08 PM, Sandeep Deshpande <sandeep.bvb at gmail.com>
> > wrote:
> >
> > Hi Rich.. Thanks..
> > We want to add a check in our openssl library on client side to reject
> > such server certificates which are generated by the intermediate CA with
> > missing extensions like basic constraints..
> > How do we go about it?
> >
> > I looked at the code. In crypto/x509v3/v3_purp.c I see that check_ca is
> > there. But it is getting called only for server certificate.
>
> Are you using OpenSSL 1.1.0 or OpenSSL 1.0.2?
>
> --
>         Viktor.