Improved "Standard Names" JSSE compliance
Update jsse.patch to produce RI compliant "standard names" for server
authentication types passed to X509TrustManager.checkServerTrusted
Change-Id: Ib5af6229a048ef9dd038a50f5baf96c3ebccb245
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ba2c9f5..e523a8f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1652,27 +1652,47 @@
return(ret);
}
-/* return string version of algorithm_auth */
+/* return string version of key exchange algorithm */
const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
{
- switch (cipher->algorithm_auth)
+ switch (cipher->algorithm_mkey)
{
- case SSL_aRSA:
+ case SSL_kRSA:
return SSL_TXT_RSA;
- case SSL_aDSS:
- return SSL_TXT_DSS;
- case SSL_aDH:
- return SSL_TXT_DH;
- case SSL_aKRB5:
+ case SSL_kDHr:
+ return SSL_TXT_DH "_" SSL_TXT_RSA;
+ case SSL_kDHd:
+ return SSL_TXT_DH "_" SSL_TXT_DSS;
+ case SSL_kEDH:
+ switch (cipher->algorithm_auth)
+ {
+ case SSL_aDSS:
+ return "DHE_" SSL_TXT_DSS;
+ case SSL_aRSA:
+ return "DHE_" SSL_TXT_RSA;
+ case SSL_aNULL:
+ return SSL_TXT_DH "_anon";
+ default:
+ return "UNKNOWN";
+ }
+ case SSL_kKRB5:
return SSL_TXT_KRB5;
- case SSL_aECDH:
- return SSL_TXT_ECDH;
- case SSL_aNULL:
- return SSL_TXT_NULL;
- case SSL_aECDSA:
- return SSL_TXT_ECDSA;
- case SSL_aPSK:
- return SSL_TXT_PSK;
+ case SSL_kECDHr:
+ return SSL_TXT_ECDH "_" SSL_TXT_RSA;
+ case SSL_kECDHe:
+ return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
+ case SSL_kEECDH:
+ switch (cipher->algorithm_auth)
+ {
+ case SSL_aECDSA:
+ return "ECDHE_" SSL_TXT_ECDSA;
+ case SSL_aRSA:
+ return "ECDHE_" SSL_TXT_RSA;
+ case SSL_aNULL:
+ return SSL_TXT_ECDH "_anon";
+ default:
+ return "UNKNOWN";
+ }
default:
return "UNKNOWN";
}