int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain)
{
+ int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx,cert) <= 0)
ERR_print_errors(bio_err);
return 0;
}
- if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
+ if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags))
{
BIO_printf(bio_err,"error building certificate chain\n");
ERR_print_errors(bio_err);
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
return 1;
}
-
+#ifndef OPENSSL_NO_EC
int ssl_print_point_formats(BIO *out, SSL *s)
{
int i, nformats;
BIO_puts(out, "\n");
return 1;
}
-
+#endif
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
-
+#ifndef OPENSSL_NO_ECDH
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
BIO_printf(out, "ECDH, %s, %d bits\n",
cname, EVP_PKEY_bits(key));
}
+#endif
}
EVP_PKEY_free(key);
return 1;
break;
#endif
+ case TLSEXT_TYPE_padding:
+ extname = "TLS padding";
+ break;
+
default:
extname = "unknown";
break;
{
int i, rv;
SSL_EXCERT *exc = arg;
+#ifdef CERT_CB_TEST_RETRY
+ static int retry_cnt;
+ if (retry_cnt < 5)
+ {
+ retry_cnt++;
+ fprintf(stderr, "Certificate callback retry test: count %d\n",
+ retry_cnt);
+ return -1;
+ }
+#endif
SSL_certs_clear(ssl);
if (!exc)
}
}
#endif
+ if (!SSL_CONF_CTX_finish(cctx))
+ {
+ BIO_puts(err, "Error finishing context\n");
+ ERR_print_errors(err);
+ return 0;
+ }
return 1;
}
ch = X509_STORE_new();
if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
goto err;
- /*X509_STORE_set_verify_cb(ch, verify_callback);*/
SSL_CTX_set1_chain_cert_store(ctx, ch);
}
rv = 1;