Add new "valid_flags" field to CERT_PKEY structure which determines what
[openssl.git] / apps / s_server.c
index 0305a264f9e722a5448fb6069b885bcd9df87e84..f190d8e0d98ddf3d097ce9af62f1796c9b71258f 100644 (file)
@@ -274,6 +274,7 @@ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
 #ifndef OPENSSL_NO_TLSEXT
 static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
 static char *curves=NULL;
+static char *sigalgs=NULL;
 #endif
 static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
 #ifdef FIONBIO
@@ -958,6 +959,7 @@ int MAIN(int argc, char *argv[])
        int badop=0,bugs=0;
        int ret=1;
        int off=0;
+       int cert_flags = 0;
        int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
        int state=0;
        const SSL_METHOD *meth=NULL;
@@ -1205,6 +1207,11 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        curves= *(++argv);
                        }
+               else if (strcmp(*argv,"-sigalgs") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       sigalgs= *(++argv);
+                       }
 #endif
                else if (strcmp(*argv,"-msg") == 0)
                        { s_msg=1; }
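Review bot: The new `-sigalgs` option (and `-cert_strict` in the later hunk at the `keymatexportlen` parsing) does not appear in any usage hunk of this diff, so unless `sv_usage()` was updated outside what is shown here, `s_server -help` will not list either switch. The `-curves` option it is modelled on has a usage line, so the new ones should get matching entries, e.g. `BIO_printf(bio_err," -sigalgs arg  - signature algorithms to support (colon-separated list)\n");` and `BIO_printf(bio_err," -cert_strict  - enforce strict certificate checks (SSL_CERT_FLAG_TLS_STRICT)\n");`. The enclosing `MAIN` option loop starts and ends outside this hunk.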
@@ -1390,6 +1397,8 @@ int MAIN(int argc, char *argv[])
                        keymatexportlen=atoi(*(++argv));
                        if (keymatexportlen == 0) goto bad;
                        }
+               else if (strcmp(*argv, "-cert_strict") == 0)
+                       cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
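Review bot: The `-cert_strict` branch is the only option in this chain whose body is an unbraced statement; the surrounding code brackets every body, including one-liners, in the file's Whitesmiths style (`{ s_msg=1; }`). For consistency and to avoid the dangling-`else` hazard in a long `else if` chain, write it as `else if (strcmp(*argv, "-cert_strict") == 0)` / `{ cert_flags |= SSL_CERT_FLAG_TLS_STRICT; }`. A short comment on what strict mode rejects would also help, since the flag's effect is not visible from this file.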
@@ -1608,6 +1617,7 @@ bad:
        if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
        if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
        SSL_CTX_set_options(ctx,off);
+       if (cert_flags) SSL_CTX_set_cert_flags(ctx, cert_flags);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */
@@ -1681,6 +1691,7 @@ bad:
                if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
                if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
                SSL_CTX_set_options(ctx2,off);
+               if (cert_flags) SSL_CTX_set_cert_flags(ctx2, cert_flags);
                /* DTLS: partial reads end up discarding unread UDP bytes :-( 
                 * Setting read ahead solves this problem.
                 */
@@ -1925,6 +1936,21 @@ bad:
                        goto end;
                        }
                }
+       if (sigalgs)
+               {
+               if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs))
+                       {
+                       BIO_printf(bio_err,"error setting signature algorithms\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               if(ctx2 && !SSL_CTX_set1_sigalgs_list(ctx2,sigalgs))
+                       {
+                       BIO_printf(bio_err,"error setting signature algorithms\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
 #endif
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
        SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
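Review bot: The two `SSL_CTX_set1_sigalgs_list` failure paths print the identical message "error setting signature algorithms", so a failure on `ctx2` is indistinguishable from one on `ctx` in the output, and the error-handling body is duplicated. Collapsing the two checks into one condition keeps a single report and halves the block: `if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)` / `    || (ctx2 && !SSL_CTX_set1_sigalgs_list(ctx2,sigalgs)))` followed by the existing `BIO_printf`/`ERR_print_errors`/`goto end` body. If the two contexts are meant to be told apart, the second message should at least name the second certificate context instead.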
@@ -2551,7 +2577,7 @@ static int init_ssl_connection(SSL *con)
        if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
                BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
        str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
-       ssl_print_sigalgs(bio_s_out, con);
+       ssl_print_sigalgs(bio_s_out, con, 0);
        ssl_print_curves(bio_s_out, con);
        BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 
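Review bot: The new third argument to `ssl_print_sigalgs` is passed as a bare `0` both here and in the `www_body` hunk below, and nothing in this file says what `0` selects; a reader has to open the helper to learn whether it chooses e.g. the peer's list versus the shared list. A one-line comment at each call site, such as `/* 0: print the peer's signature algorithms, not the shared set — confirm against ssl_print_sigalgs() */`, or a named constant for the argument, would make the call self-explanatory. The helper's declaration and its other callers are outside this diff, so the exact meaning of the flag should be verified there.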
@@ -2894,7 +2920,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
                                        }
                                BIO_puts(io,"\n");
                                }
-                       ssl_print_sigalgs(io, con);
+                       ssl_print_sigalgs(io, con, 0);
                        ssl_print_curves(io, con);
                        BIO_printf(io,(SSL_cache_hit(con)
                                ?"---\nReused, "