diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-03-15 16:07:07 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-03-16 18:07:19 +0000 |
commit | 2e21539b2b57df9926d165243efb60480f546ba7 (patch) | |
tree | 83a2e1fab84479ce9020147b72f70e70cec3ca63 /test/handshake_helper.c | |
parent | f8f16d8ea48fd331d384dad3027a925e7dc90f0b (diff) |
Add ExpectedClientCANames
Add ExpectedClientCANames: for client auth this checks to see if the
list of certificate authorities supplied by the server matches the
expected value.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2969)
Diffstat (limited to 'test/handshake_helper.c')
-rw-r--r-- | test/handshake_helper.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 30fd479837..4bccac1d4e 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -34,6 +34,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result) OPENSSL_free(result->server_npn_negotiated); OPENSSL_free(result->client_alpn_negotiated); OPENSSL_free(result->server_alpn_negotiated); + sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free); OPENSSL_free(result); } @@ -1122,6 +1123,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( /* API dictates unsigned int rather than size_t. */ unsigned int proto_len = 0; EVP_PKEY *tmp_key; + STACK_OF(X509_NAME) *names; memset(&server_ctx_data, 0, sizeof(server_ctx_data)); memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); @@ -1295,6 +1297,12 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type); SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type); + names = SSL_get_client_CA_list(client.ssl); + if (names == NULL) + ret->client_ca_names = NULL; + else + ret->client_ca_names = SSL_dup_CA_list(names); + ret->server_cert_type = peer_pkey_type(client.ssl); ret->client_cert_type = peer_pkey_type(server.ssl); |