diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 14:24:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 14:24:42 +0000 |
commit | 18d7158809c9722f4c6d2a8af7513577274f9b56 (patch) | |
tree | 21cf503b096928ae887c28b997622eb4ee6bfd70 /apps/s_apps.h | |
parent | 0f39bab0df4109bab7effc7428e1d759f36d8642 (diff) |
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
Diffstat (limited to 'apps/s_apps.h')
-rw-r--r-- | apps/s_apps.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/s_apps.h b/apps/s_apps.h index 8c644ec7db..3491b1ab69 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -181,3 +181,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); + +typedef struct ssl_excert_st SSL_EXCERT; + +void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); +void ssl_excert_free(SSL_EXCERT *exc); +int args_excert(char ***pargs, int *pargc, + int *badarg, BIO *err, SSL_EXCERT **pexc); +int load_excert(SSL_EXCERT **pexc, BIO *err); |