New ctrl to set current certificate.

New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure. (cherry picked from commit 0f78819c8ccb7c526edbe90d5b619281366ce75c)
author: Dr. Stephen Henson <steve@openssl.org> 2014-02-02 02:51:30 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-02-02 23:12:06 +0000
commit: e2f06800bce44a87596534b9f23710becf51771a (patch)
tree: e3f390ae5845d6b655620c5aa7d8af54c0cceb57 /demos
parent: 1180833643d7310573366b7e3d36e70c7defba9c (diff)
1 files changed, 18 insertions, 1 deletions
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
index be35e6210b..0d432a4762 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -82,7 +82,24 @@ int main(int argc, char *argv[])
 		ERR_print_errors_fp(stderr);
 		goto err;
 		}
-
+#if 0
+	/* Demo of how to iterate over all certificates in an SSL_CTX
+	 * structure.
+	 */
+	{
+	X509 *x;
+	int rv;
+	rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
+	while (rv)
+		{
+		X509 *x = SSL_CTX_get0_certificate(ctx);
+		X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+		printf("\n");
+		rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
+		}
+	fflush(stdout);
+	}
+#endif
 	/* Setup server side SSL bio */
 	ssl_bio=BIO_new_ssl(ctx,0);
author	Dr. Stephen Henson <steve@openssl.org>	2014-02-02 02:51:30 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-02-02 23:12:06 +0000
commit	e2f06800bce44a87596534b9f23710becf51771a (patch)
tree	e3f390ae5845d6b655620c5aa7d8af54c0cceb57 /demos
parent	1180833643d7310573366b7e3d36e70c7defba9c (diff)