Make tls1_check_chain return a set of flags indicating checks passed
by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client. (backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
@@ -468,14 +468,6 @@
|
||||
#define NAMED_CURVE_TYPE 3
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
/* Values for valid_flags in CERT_PKEY structure */
|
||||
/* Certificate inconsistent with session, key missing etc */
|
||||
#define CERT_PKEY_INVALID 0x0
|
||||
/* Certificate can be used with this sesstion */
|
||||
#define CERT_PKEY_VALID 0x1
|
||||
/* Certificate can also be used for signing */
|
||||
#define CERT_PKEY_SIGN 0x2
|
||||
|
||||
typedef struct cert_pkey_st
|
||||
{
|
||||
X509 *x509;
|
||||
|
||||
Reference in New Issue
Block a user