diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-03-08 21:20:02 +0100 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-03-10 02:41:28 +0100 |
| commit | dd60efea955e41a6f0926f93ec1503c6f83c4e58 (patch) | |
| tree | 1068aa7ab94a6acca182698c0bfdca10ecf84286 /doc | |
| parent | Remove duplicate typedef of ECPKPARAMETERS in ec.h (diff) | |
| download | openssl-dd60efea955e41a6f0926f93ec1503c6f83c4e58.tar.xz openssl-dd60efea955e41a6f0926f93ec1503c6f83c4e58.zip | |
Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/crypto/X509_check_host.pod | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 23447f41f2..d35ade8cb9 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -70,6 +70,8 @@ flags: =item B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT>, +=item B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT>, + =item B<X509_CHECK_FLAG_NO_WILDCARDS>, =item B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS>, @@ -86,6 +88,12 @@ one subject alternative name of the right type (DNS name or email address as appropriate); the default is to ignore the subject DN when at least one corresponding subject alternative names is present. +The B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> flag causes the function to never +consider the subject DN even if the certificate contains no subject alternative +names of the right type (DNS name or email address as appropriate); the default +is to use the subject DN when no corresponding subject alternative names are +present. + If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard expansion; this only applies to B<X509_check_host>. |