Commit 7d4cdede authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Print out Suite B status. 



When using the -xcert option to test certificate validity print out
if we pass Suite B compliance. We print out "not tested" if we aren't
in Suite B mode.
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 7255ca99

apps/s_cb.c

+7 −2
Original line number Diff line number Diff line
@@ -1255,7 +1255,7 @@ struct chain_flags chain_flags_list[] = 
	};





static void print_chain_flags(BIO *out, int flags)

static void print_chain_flags(BIO *out, SSL *s, int flags)

	{

	struct chain_flags *ctmp = chain_flags_list;

	while(ctmp->name)
@@ -1264,6 +1264,11 @@ static void print_chain_flags(BIO *out, int flags) 
				flags & ctmp->flag ? "OK" : "NOT OK");

		ctmp++;

		}

	BIO_printf(out, "\tSuite B: ");

	if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)

		BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");

	else

		BIO_printf(out, "not tested\n");

	}



/* Very basic selection callback: just use any certificate chain
@@ -1306,7 +1311,7 @@ static int set_cert_cb(SSL *ssl, void *arg) 
							XN_FLAG_ONELINE);

		BIO_puts(bio_err, "\n");

		

		print_chain_flags(bio_err, rv);

		print_chain_flags(bio_err, ssl, rv);

		if (rv & CERT_PKEY_VALID)

			{

			SSL_use_certificate(ssl, exc->cert);