return(0);
}
- /*
+ /*-
In theory this is no longer needed
ssl=SSL_new(ctx);
x509=SSL_get_certificate(ssl);
{
switch (version)
{
- case SSL2_VERSION:
- return "SSL 2.0";
case SSL3_VERSION:
return "SSL 3.0";
case TLS1_VERSION:
str_version = ssl_version_str(version);
- if (version == SSL2_VERSION)
- {
- str_details1 = "???";
-
- if (len > 0)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 0:
- str_details1 = ", ERROR:";
- str_details2 = " ???";
- if (len >= 3)
- {
- unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
-
- switch (err)
- {
- case 0x0001:
- str_details2 = " NO-CIPHER-ERROR";
- break;
- case 0x0002:
- str_details2 = " NO-CERTIFICATE-ERROR";
- break;
- case 0x0004:
- str_details2 = " BAD-CERTIFICATE-ERROR";
- break;
- case 0x0006:
- str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
- break;
- }
- }
-
- break;
- case 1:
- str_details1 = ", CLIENT-HELLO";
- break;
- case 2:
- str_details1 = ", CLIENT-MASTER-KEY";
- break;
- case 3:
- str_details1 = ", CLIENT-FINISHED";
- break;
- case 4:
- str_details1 = ", SERVER-HELLO";
- break;
- case 5:
- str_details1 = ", SERVER-VERIFY";
- break;
- case 6:
- str_details1 = ", SERVER-FINISHED";
- break;
- case 7:
- str_details1 = ", REQUEST-CERTIFICATE";
- break;
- case 8:
- str_details1 = ", CLIENT-CERTIFICATE";
- break;
- }
- }
- }
-
if (version == SSL3_VERSION ||
version == TLS1_VERSION ||
version == TLS1_1_VERSION ||
case 20:
str_details1 = ", Finished";
break;
- case 23:
- str_details1 = ", SupplementalData";
- break;
}
}
}
extname = "encrypt-then-mac";
break;
#endif
+ case TLSEXT_TYPE_padding:
+ extname = "TLS padding";
+ break;
default:
extname = "unknown";
};
-static void print_chain_flags(BIO *out, int flags)
+static void print_chain_flags(BIO *out, SSL *s, int flags)
{
struct chain_flags *ctmp = chain_flags_list;
while(ctmp->name)
flags & ctmp->flag ? "OK" : "NOT OK");
ctmp++;
}
+ BIO_printf(out, "\tSuite B: ");
+ if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
+ BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
+ else
+ BIO_printf(out, "not tested\n");
}
/* Very basic selection callback: just use any certificate chain
XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
- print_chain_flags(bio_err, rv);
+ print_chain_flags(bio_err, ssl, rv);
if (rv & CERT_PKEY_VALID)
{
SSL_use_certificate(ssl, exc->cert);
if (!exc->cert)
return 0;
if (exc->keyfile)
- exc->keyfile = exc->certfile;
- exc->key = load_key(err, exc->certfile, exc->certform, 0,
- NULL, NULL, "Server Certificate");
+ {
+ exc->key = load_key(err, exc->keyfile, exc->keyform,
+ 0, NULL, NULL, "Server Key");
+ }
+ else
+ {
+ exc->key = load_key(err, exc->certfile, exc->certform,
+ 0, NULL, NULL, "Server Key");
+ }
if (!exc->key)
return 0;
if (exc->chainfile)
exc->chainfile, FORMAT_PEM,
NULL, NULL,
"Server Chain");
- if (!exc->chainfile)
+ if (!exc->chain)
return 0;
}
}
case SSL_SECOP_CURVE_CHECK:
nm = "Check Curve";
break;
- case SSL_SECOP_SSL2_COMPAT:
- BIO_puts(sdb->out, "SSLv2 compatible");
- show_bits = 0;
- nm = NULL;
- break;
case SSL_SECOP_VERSION:
BIO_printf(sdb->out, "Version=%s", ssl_version_str(nid));
show_bits = 0;
BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
break;
+#ifndef OPENSSL_NO_EC
case SSL_SECOP_OTHER_CURVE:
{
const char *cname;
BIO_puts(sdb->out, cname);
}
break;
+#endif
case SSL_SECOP_OTHER_DH:
{
projects / openssl.git / blobdiff