authorDr. Stephen Henson <steve@openssl.org>2012-12-26 14:43:51 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-12-26 14:43:51 +0000
commit623a5e24cbec899d21a0cc90f74071e511072c30 (patch)
tree09387127dc4b1353fc8443f4347f781b7c66f56c /ssl/ssl_cert.c
parentbd9fc1d6673f110411d03d2c2c80a25dbb5339dc (diff)
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain. (backport from HEAD)
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r--ssl/ssl_cert.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 89a5131119..9aa7b04966 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -379,6 +379,9 @@ CERT *ssl_cert_dup(CERT *cert)
ret->cert_flags = cert->cert_flags;
+ ret->cert_cb = cert->cert_cb;
+ ret->cert_cb_arg = cert->cert_cb_arg;
+
return(ret);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
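Review bot: The added assignments in ssl_cert_dup copy `cert_cb_arg` by pointer, so every CERT duplicated from this one passes the same application object to the callback, and nothing here records who owns it. If the application frees or changes that object while a duplicate is still in use, the callback would work from stale data while choosing a certificate chain. A comment above the two assignments would make the contract explicit, e.g. `/* cert_cb_arg is shared, not duplicated: the application owns it and must keep it valid for every CERT copied from this one */`. The same ownership question applies to the `arg` parameter of ssl_cert_set_cert_cb in the second hunk. ssl_cert_dup's body starts outside this hunk.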
@@ -557,6 +560,12 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
return 1;
}
+void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
+ {
+ c->cert_cb = cb;
+ c->cert_cb_arg = arg;
+ }
+
SESS_CERT *ssl_sess_cert_new(void)
{
SESS_CERT *ret;
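Review bot: ssl_cert_set_cert_cb is added without a header comment, and nothing in this hunk states what the callback's `int` return value means. The callback decides which certificate chain is presented, so a reader should be able to tell which return values signal success or failure without tracing the handshake code. I would add a short comment above the function, along the lines of `/* Install the certificate callback and its argument; return values are interpreted at the call site in <handshake file> */`. It should also say whether a NULL `cb` clears the callback, since the setter stores the pointer unchecked and the code that invokes it is not visible here.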