Import “altchains” support. This change imports the following changes from upstream: 6281abc79623419eae6a64768c478272d5d3a426 dfd3322d72a2d49f597b86dab6f37a8cf0f26dbf f34b095fab1569d093b639bfcc9a77d6020148ff 21376d8ae310cf0455ca2b73c8e9f77cafeb28dd 25efcb44ac88ab34f60047e16a96c9462fad39c1 56353962e7da7e385c3d577581ccc3015ed6d1dc 39c76ceb2d3e51eaff95e04d6e4448f685718f8d a3d74afcae435c549de8dbaa219fcb30491c1bfb These contain the “altchains” functionality which allows OpenSSL to backtrack when chain building. Change-Id: I8d4bc2ac67b90091f9d46e7355cae878b4ccf37d Reviewed-on: https://boringssl-review.googlesource.com/6905 Reviewed-by: Adam Langley <agl@google.com>

commit: 3a39b06011d31357c98091687e24ab38a3e8514e [log] [tgz]
author: Adam Langley <agl@google.com> Thu Jan 14 14:08:58 2016 -0800
committer: Adam Langley <agl@google.com> Tue Jan 19 17:02:31 2016 +0000
tree: cebb750b93c4a69055d14aa2f9229983b522f00d
parent: 57707c70dc137471b8850c8287839ad13a0d2a19 [diff] [blame]
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index b39ef49..bd7ded7 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h

@@ -412,6 +412,11 @@
 /* Allow partial chains if at least one certificate is in trusted store */
 #define X509_V_FLAG_PARTIAL_CHAIN		0x80000
 
+/* If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
+ * will force the behaviour to match that of previous versions. */
+#define X509_V_FLAG_NO_ALT_CHAINS		0x100000
+
 #define X509_VP_FLAG_DEFAULT			0x1
 #define X509_VP_FLAG_OVERWRITE			0x2
 #define X509_VP_FLAG_RESET_FLAGS		0x4
commit	3a39b06011d31357c98091687e24ab38a3e8514e	[log] [tgz]
author	Adam Langley <agl@google.com>	Thu Jan 14 14:08:58 2016 -0800
committer	Adam Langley <agl@google.com>	Tue Jan 19 17:02:31 2016 +0000
tree	cebb750b93c4a69055d14aa2f9229983b522f00d
parent	57707c70dc137471b8850c8287839ad13a0d2a19 [diff] [blame]