Add compilation flag to disable certain protocol checks and allow use of
some invalid operations for testing purposes. Currently this can be used to sign using digests the peer doesn't support, EC curves the peer doesn't support and use certificates which don't match the type associated with a ciphersuite.
This commit is contained in:
Dr. Stephen Henson
@@ -663,7 +663,8 @@ struct ssl_session_st
|
||||
/* Suite B 128 bit mode allowing 192 bit algorithms */
|
||||
#define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000
|
||||
|
||||
|
||||
/* Perform all sorts of protocol violations for testing purposes */
|
||||
#define SSL_CERT_FLAG_BROKEN_PROTCOL 0x10000000
|
||||
|
||||
/* Flags for building certificate chains */
|
||||
/* Treat any existing certificates as untrusted CAs */
|
||||
|
||||
Reference in New Issue
Block a user