author | Dr. Stephen Henson <steve@openssl.org> | 2008-06-01 22:33:24 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-06-01 22:33:24 +0000 |
commit | 368888bcb6192b96638c3d6dd706103be52eac89 (patch) | |
tree | 8dd1f0a48976e76117fdb806cec27f76917f7c07 /ssl/s3_clnt.c | |
parent | eafd6e5110b2e180ee449ac3bfb16952aa55a664 (diff) |
Add client cert engine to SSL routines.
Diffstat (limited to 'ssl/s3_clnt.c')
-rw-r--r-- | ssl/s3_clnt.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 23875f00e0..8f96120d2e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -160,6 +160,9 @@
 #include <openssl/dh.h>
 #endif
 #include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
@@ -2723,8 +2726,7 @@ int ssl3_send_client_certificate(SSL *s)
 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
 * We then get retied later */
 i=0;
- if (s->ctx->client_cert_cb != NULL)
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+ i = ssl_do_client_cert_cb(s, &x509, &pkey);
 if (i < 0)
 {
 s->rwstate=SSL_X509_LOOKUP;
@@ -2948,3 +2950,21 @@ static int ssl3_check_finished(SSL *s)
 return 1;
 }
 #endif
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+ {
+ int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+ if (s->ctx->client_cert_engine)
+ {
+ i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+ SSL_get_client_CA_list(s),
+ px509, ppkey, NULL, NULL);
+ if (i != 0)
+ return i;
+ }
+#endif
+ if (s->ctx->client_cert_cb)
+ i = s->ctx->client_cert_cb(s,px509,ppkey);
+ return i;
+ } |
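Review bot: The `i=0;` kept as context just above the new call in ssl3_send_client_certificate is now a dead store, because `i = ssl_do_client_cert_cb(s, &x509, &pkey);` always assigns it; the line can be dropped. The new call is also written with spaced operators while the neighbouring lines use the `i=0;` form, so matching the file's spacing would keep the block uniform. The function begins and ends outside this hunk, so the checks applied to x509 and pkey after the call are not visible here.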
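Review bot: In ssl_do_client_cert_cb an engine failure cannot be told apart from "no certificate": any 0 from ENGINE_load_ssl_client_cert falls through to client_cert_cb, or to `return i;` with 0 when no callback is set, so the handshake may continue without the certificate the configured engine was meant to supply. That call is defined outside this diff; if it can return 0 on an internal error as well as on "nothing selected", the two cases should be separated or the silent fallback documented as intended. If the engine has already written to `*px509` or `*ppkey` before returning 0, the callback would overwrite those pointers, so clearing or freeing them before the fallback is worth confirming. The function has no header comment; I would add `/* Engine first, then client_cert_cb. Returns <0 to retry (caller sets SSL_X509_LOOKUP), 0 for no certificate, otherwise *px509 and *ppkey are expected to be set. */`. The CA list passed to the engine presumably reflects what the peer sent, so the comment could also note that the engine must treat it as untrusted input.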