diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-11-20 14:50:54 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-11-20 22:13:05 +0000 |
commit | 7d4cdededc371854eb36e773ed18204593e994e1 (patch) | |
tree | 4ab65f1a2b2107eb7178350fb78584a513ca12ad /apps/s_cb.c | |
parent | 7255ca99df1f2d83d99d113dd5ca54b88d50e72b (diff) |
Print out Suite B status.
When using the -xcert option to test certificate validity print out
if we pass Suite B compliance. We print out "not tested" if we aren't
in Suite B mode.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r-- | apps/s_cb.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index e597eb360f..0184125447 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1255,7 +1255,7 @@ struct chain_flags chain_flags_list[] = }; -static void print_chain_flags(BIO *out, int flags) +static void print_chain_flags(BIO *out, SSL *s, int flags) { struct chain_flags *ctmp = chain_flags_list; while(ctmp->name) @@ -1264,6 +1264,11 @@ static void print_chain_flags(BIO *out, int flags) flags & ctmp->flag ? "OK" : "NOT OK"); ctmp++; } + BIO_printf(out, "\tSuite B: "); + if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) + BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); + else + BIO_printf(out, "not tested\n"); } /* Very basic selection callback: just use any certificate chain @@ -1306,7 +1311,7 @@ static int set_cert_cb(SSL *ssl, void *arg) XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); - print_chain_flags(bio_err, rv); + print_chain_flags(bio_err, ssl, rv); if (rv & CERT_PKEY_VALID) { SSL_use_certificate(ssl, exc->cert); |