author | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 16:24:42 +0200 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 16:24:42 +0200 |
commit | 18d7158809c9722f4c6d2a8af7513577274f9b56 (patch) | |
tree | 21cf503b096928ae887c28b997622eb4ee6bfd70 /ssl/ssl_cert.c | |
parent | Function tls1_check_ec_server_key is now redundant as we make (diff) | |
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 89a5131119..9aa7b04966 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -379,6 +379,9 @@ CERT *ssl_cert_dup(CERT *cert)
 	ret->cert_flags = cert->cert_flags;
+	ret->cert_cb = cert->cert_cb;
+	ret->cert_cb_arg = cert->cert_cb_arg;
+
 	return(ret);
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
@@ -557,6 +560,12 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
 	return 1;
 	}
+void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
+	{
+	c->cert_cb = cb;
+	c->cert_cb_arg = arg;
+	}
+
 SESS_CERT *ssl_sess_cert_new(void)
 	{
 	SESS_CERT *ret;
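Review bot: The two added assignments in ssl_cert_dup copy cert_cb_arg as a bare pointer, so every CERT duplicated from this one shares the application's opaque argument rather than owning a copy; if the application releases that argument while a duplicate is still alive, the callback will later be invoked with a dangling pointer. Nothing in the hunk records this lifetime requirement, which is exactly the kind of contract a caller of the new callback API needs to know. A comment on the added lines would make it explicit, e.g. `/* cert_cb_arg is shared, not copied: the application must keep it valid for as long as any CERT duplicated from this one exists */`. The body of ssl_cert_dup begins outside the hunk, so whether earlier copied fields follow the same shared-pointer convention cannot be checked here.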
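Review bot: ssl_cert_set_cert_cb spells the callback type `int (*cb)(SSL *ssl, void *arg)` out inline, which has to stay in step with the cert_cb field of the CERT struct and with any public wrapper that forwards to this setter; a single typedef for the callback type used in all of those places would keep them from drifting apart. The setter also carries no documentation of the contract it establishes: when cb is invoked, what its return values mean, and whether passing a NULL cb clears a previously installed callback. Those semantics are decided at the call site rather than here and cannot be confirmed from this hunk, so a header comment should state them in one place and the setter's comment should point to it rather than restate them.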