author | Dr. Stephen Henson <steve@openssl.org> | 2012-11-30 19:24:13 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-08-19 18:10:04 +0100 |
commit | 8c33e40d2e501680fee1d5df23eb94c7da1111be (patch) | |
tree | 2966006f2e93688061bdb18a7e486bd208973096 /apps/x509.c | |
parent | 0d04af1e7258ff76b6211be3d3cd0c4f24615367 (diff) |
Add new test option to set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
(cherry picked from commit df316fd43c5b1e063b84279f245087a578b67e9b)
Diffstat (limited to 'apps/x509.c')
-rw-r--r-- | apps/x509.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/apps/x509.c b/apps/x509.c
index 51c86b4139..1b612d17d4 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -166,6 +166,9 @@ static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
 CONF *conf, char *section, ASN1_INTEGER *sno);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+static int force_version=2;
+#endif
 int MAIN(int, char **);
@@ -288,6 +291,13 @@ int MAIN(int argc, char **argv)
 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
 goto bad;
 }
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ else if (strcmp(*argv,"-force_version") == 0)
+ {
+ if (--argc < 1) goto bad;
+ force_version=atoi(*(++argv)) - 1;
+ }
+#endif
 else if (strcmp(*argv,"-days") == 0)
 {
 if (--argc < 1) goto bad;
@@ -1247,7 +1257,11 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 if (conf)
 {
 X509V3_CTX ctx2;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ X509_set_version(x, force_version);
+#else
 X509_set_version(x,2); /* version 3 certificate */
+#endif
 X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
 X509V3_set_nconf(&ctx2, conf);
 if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
@@ -1325,7 +1339,11 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
 if (conf)
 {
 X509V3_CTX ctx;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ X509_set_version(x, force_version);
+#else
 X509_set_version(x,2); /* version 3 certificate */
+#endif
 X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
 X509V3_set_nconf(&ctx, conf);
 if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err; |
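Review bot: The new file-scope `force_version` in the first hunk holds the encoded version field (v3 is stored as 2), while the `-force_version` option takes the human-readable number and subtracts one. Nothing at the declaration says so, and the bare `2` is easy to misread as "version 2". I would add a comment at the declaration such as `/* encoded X.509 version field: 2 == v3; test-only override via -force_version */`.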
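Review bot: `atoi` in the new `-force_version` branch gives no way to detect bad input: a non-numeric argument or `0` silently leaves `force_version` at -1, and that value is later handed unchanged to `X509_set_version`. Even for a test-only option built under `OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL`, a typo should fail at the command line rather than yield a certificate with what would presumably be a negative version field. Adding `if (force_version < 0) goto bad;` right after the assignment is the minimal fix; parsing with `strtol` and checking the end pointer would also catch trailing garbage. The option loop of `MAIN` starts and ends outside this hunk, so I cannot tell whether the usage text was updated for the new flag.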
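Review bot: The return value of the new `X509_set_version(x, force_version);` call is ignored in `x509_certify()`, and again in the matching hunk in `sign()`. Since the argument now comes from the command line rather than a constant, a failure should stop signing: `if (!X509_set_version(x, force_version)) goto end;` here and the same with `goto err;` in `sign()`. Separately, a forced v1 or v2 value still falls through to `X509V3_EXT_add_nconf` just below, so the output carries extensions under a pre-v3 version number. That is presumably the point of the test option, but a short comment saying it is deliberate would help the next reader. Both functions begin and end outside their hunks.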