1.0.2j On Fri, Jun 1, 2018, 3:52 AM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> > > > On May 31, 2018, at 6:08 PM, Sandeep Deshpande <sandeep....@gmail.com> > wrote: > > > > Hi Rich.. Thanks.. > > We want to add a check in our openssl library on client side to reject > such server certificate which are generated by the intermediate CA with > missing extensions like basic constraints.. > > How do we go about it? > > > > I looked at the code. In crypto/x509v3/v3_purp.c I see that check_ca is > there. But it is getting called only for server certificate. > > Are you using OpenSSL 1.1.0 or OpenSSL 1.0.2? > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users