> On May 31, 2018, at 6:08 PM, Sandeep Deshpande <sandeep....@gmail.com> wrote:
>
> Hi Rich.. Thanks..
> We want to add a check in our openssl library on client side to reject such
> server certificate which are generated by the intermediate CA with missing
> extensions like basic constraints..
> How do we go about it?
>
> I looked at the code. In crypto/x509v3/v3_purp.c I see that check_ca is
> there. But it is getting called only for server certificate.
Are you using OpenSSL 1.1.0 or OpenSSL 1.0.2?
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
