plus upcoming revisions. The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
tests/ssl/ssl.sh
unix_rand.c, and win_rand.c. 2. Make secrng.h and pqgutil.h private.
3. Public header pk11pqg.h can't include private header pqgutil.h.
4. Many files don't need to include secrng.h. A few don't need to include
pqgutil.h. 5. Remove duplicate declarations of PQG_DestroyParams and
PQG_DestroyVerify from blapi.h.
Save error code at the beginning of printCertProblems, and restore it at
the end, since CERT_VerifyCert nearly always sets the error code to
-8157 Certificate extension not found when building an error log.
Bug 172036.
correctly.
NOTES: This program is a (very slightly) modified version of the
SSLSample/client.c program. As such it used the sample program support, which is
a duplication of much of secutil. Future enhancements would be 1) link with
secutil.lib. 2) When handling BadCert requests, run the Full VerifyCert and dump
the results. Make connections to the servers testing SSL2, SSL3 and TLS.
Changes were basically 1) Set the program to run without a security database
(this means no token support, or client auth). 2) Explicitly load the builtins
module so that we can test against the standard trust.
