Add compilation flag to disable certain protocol checks and allow use of

some invalid operations for testing purposes. Currently this can be used to sign using digests the peer doesn't support, EC curves the peer doesn't support and use certificates which don't match the type associated with a ciphersuite.
author: Dr. Stephen Henson <steve@openssl.org> 2012-08-29 13:18:34 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-08-29 13:18:34 +0000
commit: ed83ba53212f81e590b3cf9adb49c04069430659 (patch)
tree: 31ef13fef0077e84c5752ec1c8a47aedb25ede3f /apps/s_client.c
parent: 81f57e5a69c7ecd3e259992c937e5e76446f3f63 (diff)
download: openssl-ed83ba53212f81e590b3cf9adb49c04069430659.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 783a49e083..0591adde24 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1007,6 +1007,10 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv, "-cert_strict") == 0)
 			cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+		else if (strcmp(*argv, "-debug_broken_protocol") == 0)
+			cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
+#endif
                 else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
author	Dr. Stephen Henson <steve@openssl.org>	2012-08-29 13:18:34 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-08-29 13:18:34 +0000
commit	ed83ba53212f81e590b3cf9adb49c04069430659 (patch)
tree	31ef13fef0077e84c5752ec1c8a47aedb25ede3f /apps/s_client.c
parent	81f57e5a69c7ecd3e259992c937e5e76446f3f63 (diff)
download	openssl-ed83ba53212f81e590b3cf9adb49c04069430659.tar.gz