diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 15:27:44 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 15:27:44 +0000 |
commit | 6660baee66e474058229911950e26e56f31fb0bf (patch) | |
tree | a5d7fda0ea6ae9e85f3bbab82fcd752264932dfa /ssl/ssl_cert.c | |
parent | 25d4c9254c1ccb2f9974abd9a9fd64ddb14f7832 (diff) |
Make tls1_check_chain return a set of flags indicating checks passed
by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.
Print out results of checks for each candidate chain tested in
s_server/s_client.
(backport from HEAD)
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 95478141a8..eb41cfda93 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -467,7 +467,8 @@ void ssl_cert_clear_certs(CERT *c) if (cpk->authz != NULL) OPENSSL_free(cpk->authz); #endif - cpk->valid_flags = 0; + /* Clear all flags apart from explicit sign */ + cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; } } |