[openssl-users] Fwd: basic constraints check
Viktor Dukhovni
openssl-users at dukhovni.org
Thu May 31 22:22:31 UTC 2018
> On May 31, 2018, at 6:08 PM, Sandeep Deshpande <sandeep.bvb at gmail.com> wrote:
>
> Hi Rich.. Thanks..
> We want to add a check in our openssl library on the client side to reject such server certificates which are generated by the intermediate CA with missing extensions like basic constraints..
> How do we go about it?
>
> I looked at the code. In crypto/x509v3/v3_purp.c I see that check_ca is there. But it is getting called only for the server certificate.

Are you using OpenSSL 1.1.0 or OpenSSL 1.0.2?
--
Viktor.