Add new "valid_flags" field to CERT_PKEY structure which determines what

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index e679f3e5895ea7098a8fdf195e1f5497e9960341..f190d8e0d98ddf3d097ce9af62f1796c9b71258f 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -959,6 +959,7 @@ int MAIN(int argc, char *argv[])
        int badop=0,bugs=0;
        int ret=1;
        int off=0;
+       int cert_flags = 0;
        int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
        int state=0;
        const SSL_METHOD *meth=NULL;
@@ -1396,6 +1397,8 @@ int MAIN(int argc, char *argv[])
                        keymatexportlen=atoi(*(++argv));
                        if (keymatexportlen == 0) goto bad;
                        }
+               else if (strcmp(*argv, "-cert_strict") == 0)
+                       cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1614,6 +1617,7 @@ bad:
        if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
        if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
        SSL_CTX_set_options(ctx,off);
+       if (cert_flags) SSL_CTX_set_cert_flags(ctx, cert_flags);
        /* DTLS: partial reads end up discarding unread UDP bytes :-( 
         * Setting read ahead solves this problem.
         */
@@ -1687,6 +1691,7 @@ bad:
                if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
                if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
                SSL_CTX_set_options(ctx2,off);
+               if (cert_flags) SSL_CTX_set_cert_flags(ctx2, cert_flags);
                /* DTLS: partial reads end up discarding unread UDP bytes :-( 
                 * Setting read ahead solves this problem.
                 */