Add regression test for #9099
authorBenjamin Kaduk <bkaduk@akamai.com>
Thu, 13 Jun 2019 19:02:03 +0000 (12:02 -0700)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 26 Jun 2019 17:20:55 +0000 (12:20 -0500)
commit7cb8fb07e8b71dc1fdcb0de10af7fed4347f6ea4
tree6260813f79044b648ebab872d47637b4dbe885bd
parentb11327929294cf825e4759d97af6f174bd6b081c
Add regression test for #9099

Augment the cert_cb sslapitest to include a run that uses
SSL_check_chain() to inspect the certificate prior to installing
it on the SSL object.  If the check shows the certificate as not
valid in that context, we do not install a certificate at all, so
the handshake will fail later on in processing (tls_choose_sigalg()),
exposing the indicated regression.

Currently it fails, since we have not yet set the shared sigalgs
by the time the cert_cb runs.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
test/sslapitest.c