Add compilation flag to disable certain protocol checks and allow use of

some invalid operations for testing purposes. Currently this can be used
to sign using digests the peer doesn't support, EC curves the peer
doesn't support and use certificates which don't match the type associated
with a ciphersuite.
Dr. Stephen Henson
2012-08-29 13:18:34 +00:00
parent 81f57e5a69
commit ed83ba5321
5 changed files with 70 additions and 1 deletions


@@ -1007,6 +1007,10 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv, "-cert_strict") == 0)
cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
else if (strcmp(*argv, "-debug_broken_protocol") == 0)
cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
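Review bot: The new `-debug_broken_protocol` branch ORs its bit into the same `cert_flags` as `-cert_strict` without any diagnostic, so a run from a build with `OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL` defined gives no sign that peer digest, curve and certificate-type checks are off. I would brace the branch and add `BIO_printf(bio_err, "WARNING: protocol checks disabled (testing only)\n");`, plus a comment `/* testing only: never define OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL in production builds */` above the `#ifdef`. The flag is also spelled `SSL_CERT_FLAG_BROKEN_PROTCOL` while the guard macro spells `PROTOCOL` in full; if the header definition (not visible here) shares that spelling, it is worth correcting before it ships as a public name. Both points apply equally to the identical hunk at `@@ -1440,6 +1440,10 @@`; MAIN's body starts and ends outside both hunks.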


@@ -1440,6 +1440,10 @@ int MAIN(int argc, char *argv[])
}
else if (strcmp(*argv, "-cert_strict") == 0)
cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
else if (strcmp(*argv, "-debug_broken_protocol") == 0)
cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);