Make tls1_check_chain return a set of flags indicating checks passed

by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client.
author: Dr. Stephen Henson <steve@openssl.org> 2012-07-27 13:39:23 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-07-27 13:39:23 +0000
commit: 6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (patch)
tree: 44eac7a7d0d5bd6828914d8b34c3119c2466d0b2 /ssl/ssl_cert.c
parent: ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 95478141a8..eb41cfda93 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -467,7 +467,8 @@ void ssl_cert_clear_certs(CERT *c)
                 if (cpk->authz != NULL)
 			OPENSSL_free(cpk->authz);
 #endif
-		cpk->valid_flags = 0;
+		/* Clear all flags apart from explicit sign */
+		cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
 		}
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2012-07-27 13:39:23 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-07-27 13:39:23 +0000
commit	6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (patch)
tree	44eac7a7d0d5bd6828914d8b34c3119c2466d0b2 /ssl/ssl_cert.c
parent	ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 (diff)