提交 df316fd4 编写于 作者: D Dr. Stephen Henson

Add new test option to set the version in generated certificates: this

is needed to test some profiles/protocols which reject certificates
with unsupported versions.
上级 2fceff5b
...@@ -166,6 +166,9 @@ static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, ...@@ -166,6 +166,9 @@ static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
CONF *conf, char *section, ASN1_INTEGER *sno); CONF *conf, char *section, ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0; static int reqfile=0;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
static int force_version=2;
#endif
int MAIN(int, char **); int MAIN(int, char **);
...@@ -288,6 +291,13 @@ int MAIN(int argc, char **argv) ...@@ -288,6 +291,13 @@ int MAIN(int argc, char **argv)
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
goto bad; goto bad;
} }
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
else if (strcmp(*argv,"-force_version") == 0)
{
if (--argc < 1) goto bad;
force_version=atoi(*(++argv)) - 1;
}
#endif
else if (strcmp(*argv,"-days") == 0) else if (strcmp(*argv,"-days") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
...@@ -1247,7 +1257,11 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, ...@@ -1247,7 +1257,11 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if (conf) if (conf)
{ {
X509V3_CTX ctx2; X509V3_CTX ctx2;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
X509_set_version(x, force_version);
#else
X509_set_version(x,2); /* version 3 certificate */ X509_set_version(x,2); /* version 3 certificate */
#endif
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf); X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end; if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
...@@ -1325,7 +1339,11 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig ...@@ -1325,7 +1339,11 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
if (conf) if (conf)
{ {
X509V3_CTX ctx; X509V3_CTX ctx;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
X509_set_version(x, force_version);
#else
X509_set_version(x,2); /* version 3 certificate */ X509_set_version(x,2); /* version 3 certificate */
#endif
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf); X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err; if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
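Review bot: The `-force_version` branch in MAIN parses its argument with `force_version=atoi(*(++argv)) - 1;`, so a non-numeric or empty value silently becomes version -1 instead of being rejected. Parsing with `strtol` and failing on junk would stop a typo from producing a certificate with an unintended version field: `v = strtol(*(++argv), &end, 10); if (end == *argv || *end != '\0' || v < 1) goto bad; force_version = (int)v - 1;`, with `long v; char *end;` declared in MAIN. The forced value is applied only inside the `if (conf)` blocks of x509_certify and sign, and the return value of `X509_set_version` is ignored there, so without an extension config the option appears to have no effect and a failed set would go unnoticed. A comment at the declaration would record this, e.g. `/* test builds only: 0-based X.509 version to write; applied only when an extension section is loaded */`. MAIN, x509_certify and sign all continue outside the hunks shown.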
......