Reorganise supported signature algorithm extension processing.
[openssl.git] / apps / s_cb.c
index eab0a0803863f0248f653684f8f35d1c421385f3..bb9064b67a1714090828dc86027a73832697a395 100644 (file)
@@ -237,8 +237,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 
                /* If we are using DSA, we can copy the parameters from
                 * the private key */
-               
-               
+
+
                /* Now we know that a key and cert have been set against
                 * the SSL context */
                if (!SSL_CTX_check_private_key(ctx))
@@ -250,9 +250,10 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
        return(1);
        }
 
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                      STACK_OF(X509) *chain)
        {
-       if (cert ==  NULL)
+       if (cert == NULL)
                return 1;
        if (SSL_CTX_use_certificate(ctx,cert) <= 0)
                {
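Review bot: The early `return 1` when `cert == NULL` now also silently discards `key` and the new `chain` argument, and nothing in the hunk says that is intended; a one-line comment on the guard would make the contract explicit, e.g. `/* No certificate: nothing to configure, key and chain are ignored */`. The new `chain` parameter is also undocumented at the prototype, and a reader of the header has to find the SSL_CTX_set1_chain call further down to learn what it is used for. set_cert_key_stuff continues past the end of this hunk.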
@@ -260,38 +261,57 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
                ERR_print_errors(bio_err);
                return 0;
                }
-       if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
-               {
-               BIO_printf(bio_err,"error setting private key\n");
-               ERR_print_errors(bio_err);
-               return 0;
-               }
 
-               
-               /* Now we know that a key and cert have been set against
-                * the SSL context */
+       if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
+               {
+               BIO_printf(bio_err,"error setting private key\n");
+               ERR_print_errors(bio_err);
+               return 0;
+               }
+                
+       /* Now we know that a key and cert have been set against
+        * the SSL context */
        if (!SSL_CTX_check_private_key(ctx))
                {
                BIO_printf(bio_err,"Private key does not match the certificate public key\n");
                return 0;
                }
+       if (chain && !SSL_CTX_set1_chain(ctx, chain))
+               {
+               BIO_printf(bio_err,"error setting certificate chain\n");
+               ERR_print_errors(bio_err);
+               return 0;
+               }
        return 1;
        }
 
-int ssl_print_sigalgs(BIO *out, SSL *s)
+static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared)
        {
        int i, nsig;
-       nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+       if (shared)
+               nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
+                                                       NULL, NULL);
+       else
+               nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
        if (nsig == 0)
                return 1;
 
+       if (shared)
+               BIO_puts(out, "Shared ");
+
+       if (client)
+               BIO_puts(out, "Requested ");
        BIO_puts(out, "Signature Algorithms: ");
        for (i = 0; i < nsig; i++)
                {
                int hash_nid, sign_nid;
                unsigned char rhash, rsign;
                const char *sstr = NULL;
-               SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+               if (shared)
+                       SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+                                                       &rsign, &rhash);
+               else
+                       SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
                                                        &rsign, &rhash);
                if (i)
                        BIO_puts(out, ":");
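Review bot: The ownership of `chain` is not stated where SSL_CTX_set1_chain is called; the set1 variant takes its own reference, so the caller still owns `chain` and must free it, and a comment such as `/* set1: ctx keeps its own copy, caller retains ownership of chain */` would prevent a later leak or double free. The blank line added after the private-key error block consists of trailing spaces (`+                `) and should be empty. In do_print_sigalgs the `nsig == 0` early return means the shared pass prints nothing at all, unlike ssl_print_curves further down which prints "NONE" when there is no shared curve; if that asymmetry is intended, a comment on the guard would help. do_print_sigalgs continues beyond this hunk.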
@@ -314,20 +334,26 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
        return 1;
        }
 
+int ssl_print_sigalgs(BIO *out, SSL *s, int client)
+       {
+       do_print_sigalgs(out, s, client, 0);
+       do_print_sigalgs(out, s, client, 1);
+       return 1;
+       }
+
 int ssl_print_curves(BIO *out, SSL *s)
        {
-       int i, ncurves, *curves;
-       ncurves = SSL_get1_curvelist(s, NULL);
+       int i, ncurves, *curves, nid;
+       const char *cname;
+       ncurves = SSL_get1_curves(s, NULL);
        if (ncurves <= 0)
                return 1;
        curves = OPENSSL_malloc(ncurves * sizeof(int));
-       SSL_get1_curvelist(s, curves);
+       SSL_get1_curves(s, curves);
 
        BIO_puts(out, "Supported Elliptic Curves: ");
        for (i = 0; i < ncurves; i++)
                {
-               int nid;
-               const char *cname;
                if (i)
                        BIO_puts(out, ":");
                nid = curves[i];
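Review bot: `curves = OPENSSL_malloc(ncurves * sizeof(int))` is still used without a NULL check before `SSL_get1_curves(s, curves)` writes into it; add `if (curves == NULL) return 0;` after the allocation (or whatever failure value the callers of ssl_print_curves expect — none are visible here). The return value of do_print_sigalgs is ignored in the new ssl_print_sigalgs wrapper; if it can only ever be 1, making it `void` or documenting that would be clearer. ssl_print_curves continues past the end of this hunk.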
@@ -343,8 +369,22 @@ int ssl_print_curves(BIO *out, SSL *s)
                        BIO_printf(out, "%s", cname);
                        }
                }
-       BIO_puts(out, "\n");
+       BIO_puts(out, "\nShared Elliptic curves: ");
        OPENSSL_free(curves);
+       ncurves = SSL_get_shared_curve(s, -1);
+       for (i = 0; i < ncurves; i++)
+               {
+               if (i)
+                       BIO_puts(out, ":");
+               nid = SSL_get_shared_curve(s, i);
+               cname = EC_curve_nid2nist(nid);
+               if (!cname)
+                       cname = OBJ_nid2sn(nid);
+               BIO_printf(out, "%s", cname);
+               }
+       if (ncurves == 0)
+               BIO_puts(out, "NONE");
+       BIO_puts(out, "\n");
        return 1;
        }
 
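Review bot: `if (ncurves == 0) BIO_puts(out, "NONE");` does not cover a negative return from `SSL_get_shared_curve(s, -1)`, whereas the supported-curve path at the top of the function guards with `ncurves <= 0`; use `if (ncurves <= 0)` here so an error case still prints "NONE" rather than an empty label. In the shared loop `cname` falls through to `OBJ_nid2sn(nid)` and is then passed to `%s` with no NULL check; OBJ_nid2sn can return NULL for an unknown NID, so guard it the same way the supported-curve loop above appears to (that loop's check is outside this hunk, so I cannot confirm its form).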
@@ -507,6 +547,8 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 
        if (version == SSL3_VERSION ||
            version == TLS1_VERSION ||
+           version == TLS1_1_VERSION ||
+           version == TLS1_2_VERSION ||
            version == DTLS1_VERSION ||
            version == DTLS1_BAD_VER)
                {