Add regression test for #9099
Augment the cert_cb sslapitest to include a run that uses SSL_check_chain() to inspect the certificate prior to installing it on the SSL object. If the check shows the certificate as not valid in that context, we do not install a certificate at all, so the handshake will fail later on in processing (tls_choose_sigalg()), exposing the indicated regression. Currently it fails, since we have not yet set the shared sigalgs by the time the cert_cb runs. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9157) (cherry picked from commit 7cb8fb07e8b71dc1fdcb0de10af7fed4347f6ea4)
parent
2a5f63c9
Please register or sign in to comment