Support TLS_FALLBACK_SCSV.

[oweals/openssl.git] / apps / s_cb.c

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 78f1d93c6c9e2d9a05c582aa2a854c502284f1d1..ed877af1220e9d4da16e45987c8339d54187f8bb 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -259,6 +259,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                       STACK_OF(X509) *chain, int build_chain)
        {
+       int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
        if (cert == NULL)
                return 1;
        if (SSL_CTX_use_certificate(ctx,cert) <= 0)
@@ -288,7 +289,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                ERR_print_errors(bio_err);
                return 0;
                }
-       if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
+       if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags))
                {
                BIO_printf(bio_err,"error building certificate chain\n");
                ERR_print_errors(bio_err);
@@ -1021,6 +1022,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
                break;
 #endif
 
+               case TLSEXT_TYPE_padding:
+               extname = "TLS padding";
+               break;
+
                default:
                extname = "unknown";
                break;