Add regression test for #9099
authorBenjamin Kaduk <bkaduk@akamai.com>
Thu, 13 Jun 2019 19:02:03 +0000 (12:02 -0700)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 26 Jun 2019 17:59:03 +0000 (12:59 -0500)
commit9863b41989968fd88d1b772ac7e20e3cdaea8beb
tree64db41c3405fdf1b32c3e5c77f723bc8b4525c1c
parent2a5f63c9a61be7582620c4b5da202bb3fd7e4138
Add regression test for #9099

Augment the cert_cb sslapitest to include a run that uses
SSL_check_chain() to inspect the certificate prior to installing
it on the SSL object.  If the check shows the certificate as not
valid in that context, we do not install a certificate at all, so
the handshake will fail later on in processing (tls_choose_sigalg()),
exposing the indicated regression.

Currently it fails, since we have not yet set the shared sigalgs
by the time the cert_cb runs.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)

(cherry picked from commit 7cb8fb07e8b71dc1fdcb0de10af7fed4347f6ea4)
test/sslapitest.c