Add three Suite B modes to TLS code, supporting RFC6460.

(backport from HEAD)
author: Dr. Stephen Henson <steve@openssl.org> 2012-12-26 16:17:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-12-26 16:17:40 +0000
commit: ccf6a19e2d825f4039163393023bd15670aee946 (patch)
tree: dd5bb510651fbdaf23fdcef6c4cbf55489dfb7c4 /ssl/ssl_cert.c
parent: 28fbbe3b1bc89cd5dba6a0d9e74a3cf24d341002 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 470ac17098..6dfde2f8da 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -692,6 +692,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
 		return(0);
 		}
+	/* Set suite B flags if needed */
+	X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));
 #if 0
 	if (SSL_get_verify_depth(s) >= 0)
 		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -1151,6 +1153,8 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
 		SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
 		return 0;
 		}
+	/* Set suite B flags if needed */
+	X509_STORE_CTX_set_flags(&xs_ctx, c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
 
 	i = X509_verify_cert(&xs_ctx);
 	if (i > 0)
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-26 16:17:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-12-26 16:17:40 +0000
commit	ccf6a19e2d825f4039163393023bd15670aee946 (patch)
tree	dd5bb510651fbdaf23fdcef6c4cbf55489dfb7c4 /ssl/ssl_cert.c
parent	28fbbe3b1bc89cd5dba6a0d9e74a3cf24d341002 (diff)