Make tls1_check_chain return a set of flags indicating checks passed

by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.

Print out results of checks for each candidate chain tested in
s_server/s_client.
(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
2012-12-26 15:27:44 +00:00
parent 25d4c9254c
commit 6660baee66
8 changed files with 280 additions and 39 deletions


@@ -2085,21 +2085,21 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
have_ecdh_tmp=(c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
#endif
cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc= cpk->valid_flags;
rsa_enc= cpk->valid_flags & CERT_PKEY_VALID;
rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign= (cpk->valid_flags & CERT_PKEY_SIGN);
rsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
dsa_sign= (cpk->valid_flags & CERT_PKEY_SIGN);
dsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
dh_rsa= cpk->valid_flags;
dh_rsa= cpk->valid_flags & CERT_PKEY_VALID;
dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
/* FIX THIS EAY EAY EAY */
dh_dsa= cpk->valid_flags;
dh_dsa= cpk->valid_flags & CERT_PKEY_VALID;
dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_ECC]);
have_ecc_cert= cpk->valid_flags;
have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
mask_k=0;
mask_a=0;
emask_k=0;
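Review bot: The hunk changes which bit gates each certificate slot (`& CERT_PKEY_VALID` for rsa_enc, dh_rsa, dh_dsa and have_ecc_cert; `& CERT_PKEY_SIGN` for rsa_sign and dsa_sign) but leaves the distinction undocumented, so a reader cannot tell whether the asymmetry is deliberate. A one-line comment before the first `cpk=` assignment, `/* valid_flags holds the checks passed by tls1_check_chain: VALID gates encryption/DH use, SIGN gates signing use */`, would make the mask choice reviewable. The `rsa_enc_export`, `dh_rsa_export` and `dh_dsa_export` lines still call `EVP_PKEY_size(cpk->privatekey)` whenever the masked value is non-zero, so this relies on CERT_PKEY_VALID never being set for a slot without a private key; worth confirming against tls1_check_chain, which is outside this hunk. The stale `/* FIX THIS EAY EAY EAY */` above the dh_dsa line could be dropped or replaced now that line has been reworked. ssl_set_cert_masks begins before the hunk.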