diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 12:00:18 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 13:36:38 +0000 |
| commit | 13dc3ce9ab483cade378bcf3844c92bacd817316 (patch) | |
| tree | 2d3b320ebf8a80586ff2c0e4f89e2a515b47bda8 /apps | |
| parent | daddd9a950e491c31f9500d5e570bc7eb96b2823 (diff) | |
New chain building flags.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.
Add verify error code when building chain.
Update docs.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/s_cb.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index dcc9da309c..04ebb79b93 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -259,6 +259,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain) { + int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0; if (cert == NULL) return 1; if (SSL_CTX_use_certificate(ctx,cert) <= 0) @@ -288,7 +289,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, ERR_print_errors(bio_err); return 0; } - if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0)) + if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) { BIO_printf(bio_err,"error building certificate chain\n"); ERR_print_errors(bio_err); |