Make tls1_check_chain return a set of flags indicating checks passed

by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client.
author: Dr. Stephen Henson <steve@openssl.org> 2012-07-27 13:39:23 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-07-27 13:39:23 +0000
commit: 6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (patch)
tree: 44eac7a7d0d5bd6828914d8b34c3119c2466d0b2 /CHANGES
parent: ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 46b23de1da..f320ef7911 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Make tls1_check_chain return a set of flags indicating checks passed
+     by a certificate chain. Add additional tests to handle client
+     certificates: checks for matching certificate type and issuer name
+     comparison.
+     [Steve Henson]
+
   *) If an attempt is made to use a signature algorithm not in the peer
      preference list abort the handshake. If client has no suitable
      signature algorithms in response to a certificate request do not
author	Dr. Stephen Henson <steve@openssl.org>	2012-07-27 13:39:23 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-07-27 13:39:23 +0000
commit	6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (patch)
tree	44eac7a7d0d5bd6828914d8b34c3119c2466d0b2 /CHANGES
parent	ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 (diff)