authorDr. Stephen Henson <steve@openssl.org>2014-11-20 14:50:54 +0000
committerDr. Stephen Henson <steve@openssl.org>2014-11-20 22:13:05 +0000
commit7d4cdededc371854eb36e773ed18204593e994e1 (patch)
tree4ab65f1a2b2107eb7178350fb78584a513ca12ad /apps/s_cb.c
parent7255ca99df1f2d83d99d113dd5ca54b88d50e72b (diff)
Print out Suite B status.
When using the -xcert option to test certificate validity, print out whether we pass Suite B compliance. We print out "not tested" if we aren't in Suite B mode. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r--apps/s_cb.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index e597eb360f..0184125447 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1255,7 +1255,7 @@ struct chain_flags chain_flags_list[] =
};
-static void print_chain_flags(BIO *out, int flags)
+static void print_chain_flags(BIO *out, SSL *s, int flags)
{
struct chain_flags *ctmp = chain_flags_list;
while(ctmp->name)
@@ -1264,6 +1264,11 @@ static void print_chain_flags(BIO *out, int flags)
flags & ctmp->flag ? "OK" : "NOT OK");
ctmp++;
}
+ BIO_printf(out, "\tSuite B: ");
+ if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
+ BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
+ else
+ BIO_printf(out, "not tested\n");
}
/* Very basic selection callback: just use any certificate chain
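Review bot: The Suite B check added at the end of print_chain_flags reads the certificate flags through a setter, `SSL_set_cert_flags(s, 0)`, and tests them against `SSL_CERT_FLAG_SUITEB_128_LOS`, and neither choice is explained. As far as I know the macro ORs its argument into the flags and returns the result, so passing 0 is a read-only query, and the 128_LOS constant is the union of the Suite B mode bits, so the test is true in any Suite B mode rather than only the 128-bit one; both are worth confirming against ssl.h. A comment above the `if` would keep a reader from taking this as a state change or a 128-bit-only test: `/* Passing 0 sets nothing and returns the current cert flags; the mask covers every Suite B mode */`. For consistency the constant string in the else branch could use `BIO_puts(out, "not tested\n");` like the branch above it. The function body begins outside this hunk.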
@@ -1306,7 +1311,7 @@ static int set_cert_cb(SSL *ssl, void *arg)
XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
- print_chain_flags(bio_err, rv);
+ print_chain_flags(bio_err, ssl, rv);
if (rv & CERT_PKEY_VALID)
{
SSL_use_certificate(ssl, exc->cert);