flags |= X509_V_FLAG_X509_STRICT;
else if (!strcmp(arg, "-policy_print"))
flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
else
return 0;
int l;
l = BIO_gets(bconn, buf, sizeof buf);
- assert(l >= 0);
+ assert(l > 0);
assert(buf[l-1] == '\n');
buf[l-1] = '\0';
BN_hex2bn(bn, buf);
jpake_send_step3a(bconn, ctx);
jpake_receive_step3b(ctx, bconn);
- BIO_puts(out, "JPAKE authentication succeeded\n");
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
BIO_pop(bconn);
BIO_free(bconn);
jpake_receive_step3a(ctx, bconn);
jpake_send_step3b(bconn, ctx);
- BIO_puts(out, "JPAKE authentication succeeded\n");
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
BIO_pop(bconn);
BIO_free(bconn);