Add certificate callback. If set this is called whenever a certificate

is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
author: Dr. Stephen Henson <steve@openssl.org> 2012-06-29 14:24:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-06-29 14:24:42 +0000
commit: 18d7158809c9722f4c6d2a8af7513577274f9b56 (patch)
tree: 21cf503b096928ae887c28b997622eb4ee6bfd70 /apps/s_apps.h
parent: 0f39bab0df4109bab7effc7428e1d759f36d8642 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 8c644ec7db..3491b1ab69 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -181,3 +181,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 
 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
+
+typedef struct ssl_excert_st SSL_EXCERT;
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
+void ssl_excert_free(SSL_EXCERT *exc);
+int args_excert(char ***pargs, int *pargc,
+			int *badarg, BIO *err, SSL_EXCERT **pexc);
+int load_excert(SSL_EXCERT **pexc, BIO *err);
author	Dr. Stephen Henson <steve@openssl.org>	2012-06-29 14:24:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-06-29 14:24:42 +0000
commit	18d7158809c9722f4c6d2a8af7513577274f9b56 (patch)
tree	21cf503b096928ae887c28b997622eb4ee6bfd70 /apps/s_apps.h
parent	0f39bab0df4109bab7effc7428e1d759f36d8642 (diff)