/* If we are using DSA, we can copy the parameters from
* the private key */
-
-
+
+
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
return(1);
}
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+ STACK_OF(X509) *chain)
{
- if (cert == NULL)
+ if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx,cert) <= 0)
{
ERR_print_errors(bio_err);
return 0;
}
- if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
- {
- BIO_printf(bio_err,"error setting private key\n");
- ERR_print_errors(bio_err);
- return 0;
- }
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
+ if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
+ {
+ BIO_printf(bio_err,"error setting private key\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
if (!SSL_CTX_check_private_key(ctx))
{
BIO_printf(bio_err,"Private key does not match the certificate public key\n");
return 0;
}
+ if (chain && !SSL_CTX_set1_chain(ctx, chain))
+ {
+ BIO_printf(bio_err,"error setting certificate chain\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
return 1;
}
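Review bot: A non-NULL `chain` is dropped without any message when `cert == NULL`, because the early `return 1` at the top of set_cert_key_stuff reports success before the new `SSL_CTX_set1_chain` call is reached. If a chain without a leaf certificate is a caller mistake, report it, for example `if (cert == NULL) { if (chain) BIO_printf(bio_err,"certificate chain ignored: no certificate\n"); return 1; }`. The new parameter also deserves a comment on ownership, such as `/* chain may be NULL; SSL_CTX_set1_chain takes its own references, so the caller still frees chain */`. Nothing in the visible lines checks that the chain certificates actually link to `cert`, so a mismatched chain would be accepted as long as the private key matches the leaf.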
int ssl_print_curves(BIO *out, SSL *s)
{
- int i, ncurves, *curves;
- ncurves = SSL_get1_curvelist(s, NULL);
+ int i, ncurves, *curves, nid;
+ const char *cname;
+ ncurves = SSL_get1_curves(s, NULL);
if (ncurves <= 0)
return 1;
curves = OPENSSL_malloc(ncurves * sizeof(int));
- SSL_get1_curvelist(s, curves);
+ SSL_get1_curves(s, curves);
BIO_puts(out, "Supported Elliptic Curves: ");
for (i = 0; i < ncurves; i++)
{
- int nid;
- const char *cname;
if (i)
BIO_puts(out, ":");
nid = curves[i];
BIO_printf(out, "%s", cname);
}
}
- BIO_puts(out, "\n");
+ BIO_puts(out, "\nShared Elliptic curves: ");
OPENSSL_free(curves);
+ ncurves = SSL_get_shared_curve(s, -1);
+ for (i = 0; i < ncurves; i++)
+ {
+ if (i)
+ BIO_puts(out, ":");
+ nid = SSL_get_shared_curve(s, i);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+ BIO_printf(out, "%s", cname);
+ }
+ if (ncurves == 0)
+ BIO_puts(out, "NONE");
+ BIO_puts(out, "\n");
return 1;
}
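Review bot: The result of `OPENSSL_malloc(ncurves * sizeof(int))` is handed to `SSL_get1_curves(s, curves)` without a NULL check, so an allocation failure becomes a write through a null pointer. Add `if (!curves) return 0;` right after the allocation (0 is assumed to be the failure value, as in set_cert_key_stuff). In the new shared-curves loop only `ncurves == 0` prints "NONE". If `SSL_get_shared_curve(s, -1)` can return a negative value, the output line ends empty after the label, so decide what to print in that case; `if (ncurves <= 0)` may be what is intended.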
extname = "status request";
break;
+ case TLSEXT_TYPE_user_mapping:
+ extname = "user mapping";
+ break;
+
+ case TLSEXT_TYPE_client_authz:
+ extname = "client authz";
+ break;
+
+ case TLSEXT_TYPE_server_authz:
+ extname = "server authz";
+ break;
+
+ case TLSEXT_TYPE_cert_type:
+ extname = "cert type";
+ break;
+
case TLSEXT_TYPE_elliptic_curves:
extname = "elliptic curves";
break;
extname = "EC point formats";
break;
- case TLSEXT_TYPE_session_ticket:
- extname = "server ticket";
- break;
-
- case TLSEXT_TYPE_renegotiate:
- extname = "renegotiate";
+ case TLSEXT_TYPE_srp:
+ extname = "SRP";
break;
case TLSEXT_TYPE_signature_algorithms:
extname = "signature algorithms";
break;
+ case TLSEXT_TYPE_use_srtp:
+ extname = "use SRTP";
+ break;
+
+ case TLSEXT_TYPE_heartbeat:
+ extname = "heartbeat";
+ break;
+
+ case TLSEXT_TYPE_session_ticket:
+ extname = "session ticket";
+ break;
+
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiation info";
+ break;
+
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
break;
#endif
+#ifdef TLSEXT_TYPE_next_proto_neg
+ case TLSEXT_TYPE_next_proto_neg:
+ extname = "next protocol";
+ break;
+#endif
default:
extname = "unknown";