From c5ea65b157e17743c881b9e348524b0281b3d39f Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 23 Feb 2014 12:00:18 +0000
Subject: New chain building flags. New flags to build certificate chains. The can be used to rearrange the chain so all an application needs to do is add all certificates in arbitrary order and then build the chain to check and correct them. Add verify error code when building chain. Update docs.
(cherry picked from commit 13dc3ce9ab483cade378bcf3844c92bacd817316)
---
 apps/s_cb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'apps')
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 3af9b7ad9c..0f21838cdb 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -259,6 +259,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 STACK_OF(X509) *chain, int build_chain)
 {
+ int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
 if (cert == NULL)
 return 1;
 if (SSL_CTX_use_certificate(ctx,cert) <= 0)
@@ -288,7 +289,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 ERR_print_errors(bio_err);
 return 0;
 }
- if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
+ if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags))
 {
 BIO_printf(bio_err,"error building certificate chain\n");
 ERR_print_errors(bio_err);
-- 
cgit v1.2.3
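Review bot: The new `chflags` declaration at the top of set_cert_key_stuff needs a comment, because the flag it picks decides whether a caller-supplied chain is validated at all. I would add `/* A supplied chain is only checked and reordered; with no chain, build one with default flags */` above it. Before this change the `!chain` test skipped SSL_CTX_build_cert_chain whenever a chain was passed, so a misordered or incomplete chain was installed silently; it now reaches the error branch in the second hunk, which presumably returns 0. That change in behaviour for callers passing both a chain and `build_chain` should be stated in the option documentation too. The function body continues outside this hunk.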
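Review bot: The diagnostic under the rewritten condition still reads "error building certificate chain" even when the call was made with SSL_BUILD_CHAIN_FLAG_CHECK on a caller-supplied chain. An operator then cannot tell a bad supplied chain from a failure to build one when no chain was given. Something like `BIO_printf(bio_err, "error %s certificate chain\n", chain ? "checking" : "building");` keeps the format string a literal and names the case. The error block runs past the end of the hunk, so its return path is not visible here.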