Make tls1_check_chain return a set of flags indicating checks passed

by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client. (backport from HEAD)
author: Dr. Stephen Henson <steve@openssl.org> 2012-12-26 15:27:44 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-12-26 15:27:44 +0000
commit: 6660baee66e474058229911950e26e56f31fb0bf (patch)
tree: a5d7fda0ea6ae9e85f3bbab82fcd752264932dfa /ssl/ssl_cert.c
parent: 25d4c9254c1ccb2f9974abd9a9fd64ddb14f7832 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 95478141a8..eb41cfda93 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -467,7 +467,8 @@ void ssl_cert_clear_certs(CERT *c)
                 if (cpk->authz != NULL)
 			OPENSSL_free(cpk->authz);
 #endif
-		cpk->valid_flags = 0;
+		/* Clear all flags apart from explicit sign */
+		cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
 		}
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-26 15:27:44 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-12-26 15:27:44 +0000
commit	6660baee66e474058229911950e26e56f31fb0bf (patch)
tree	a5d7fda0ea6ae9e85f3bbab82fcd752264932dfa /ssl/ssl_cert.c
parent	25d4c9254c1ccb2f9974abd9a9fd64ddb14f7832 (diff)