Make tls1_check_chain return a set of flags indicating checks passed by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client.

commit: 6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Fri Jul 27 13:39:23 2012 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Fri Jul 27 13:39:23 2012 +0000
tree: 44eac7a7d0d5bd6828914d8b34c3119c2466d0b2
parent: ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 [diff] [blame]
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9547814..eb41cfd 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -467,7 +467,8 @@
                 if (cpk->authz != NULL)
 			OPENSSL_free(cpk->authz);
 #endif
-		cpk->valid_flags = 0;
+		/* Clear all flags apart from explicit sign */
+		cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
 		}
 	}
commit	6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Fri Jul 27 13:39:23 2012 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Fri Jul 27 13:39:23 2012 +0000
tree	44eac7a7d0d5bd6828914d8b34c3119c2466d0b2
parent	ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 [diff] [blame]