Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 7b030511036c384ddae481345bdb52b27609bf2a^! / . / ssl / test / runner / common.go
commit7b030511036c384ddae481345bdb52b27609bf2a[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Tue Jul 08 17:30:11 2014 -0400
committerAdam Langley <agl@google.com>Wed Jul 09 21:03:54 2014 +0000
treec845ffe0ecd49dc5d99e574da99ea2577058b7aa
parent676d1e780e96b201113958e8a6f2e787438f200b [diff] [blame]
Add a test for certificate types parsing.

Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a
Reviewed-on: https://boringssl-review.googlesource.com/1111
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index df7cacf..dca3e9d 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -105,15 +105,15 @@
 
 // Certificate types (for certificateRequestMsg)
 const (
-	certTypeRSASign    = 1 // A certificate containing an RSA key
-	certTypeDSSSign    = 2 // A certificate containing a DSA key
-	certTypeRSAFixedDH = 3 // A certificate containing a static DH key
-	certTypeDSSFixedDH = 4 // A certificate containing a static DH key
+	CertTypeRSASign    = 1 // A certificate containing an RSA key
+	CertTypeDSSSign    = 2 // A certificate containing a DSA key
+	CertTypeRSAFixedDH = 3 // A certificate containing a static DH key
+	CertTypeDSSFixedDH = 4 // A certificate containing a static DH key
 
 	// See RFC4492 sections 3 and 5.5.
-	certTypeECDSASign      = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
-	certTypeRSAFixedECDH   = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
-	certTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
+	CertTypeECDSASign      = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
+	CertTypeRSAFixedECDH   = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
+	CertTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
 
 	// Rest of these are reserved by the TLS spec
 )
@@ -251,6 +251,10 @@
 	// by the policy in ClientAuth.
 	ClientCAs *x509.CertPool
 
+	// ClientCertificateTypes defines the set of allowed client certificate
+	// types. The default is CertTypeRSASign and CertTypeECDSASign.
+	ClientCertificateTypes []byte
+
 	// InsecureSkipVerify controls whether a client verifies the
 	// server's certificate chain and host name.
 	// If InsecureSkipVerify is true, TLS accepts any certificate