New ctrl to set current certificate.

New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure. (cherry picked from commit 0f78819c8ccb7c526edbe90d5b619281366ce75c)
author: Dr. Stephen Henson <steve@openssl.org> 2014-02-02 02:51:30 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-02-02 23:12:06 +0000
commit: e2f06800bce44a87596534b9f23710becf51771a (patch)
tree: e3f390ae5845d6b655620c5aa7d8af54c0cceb57 /ssl/ssl_cert.c
parent: 1180833643d7310573366b7e3d36e70c7defba9c (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index e6234eba88..b771105785 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -646,6 +646,32 @@ int ssl_cert_select_current(CERT *c, X509 *x)
 	return 0;
 	}
 
+int ssl_cert_set_current(CERT *c, long op)
+	{
+	int i, idx;
+	if (!c)
+		return 0;
+	if (op == SSL_CERT_SET_FIRST)
+		idx = 0;
+	else if (op == SSL_CERT_SET_NEXT)
+		{
+		idx = (int)(c->key - c->pkeys + 1);
+		if (idx >= SSL_PKEY_NUM)
+			return 0;
+		}
+	else
+		return 0;
+	for (i = idx; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509)
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
+	return 0;
+	}
+
 void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
 	{
 	c->cert_cb = cb;
author	Dr. Stephen Henson <steve@openssl.org>	2014-02-02 02:51:30 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-02-02 23:12:06 +0000
commit	e2f06800bce44a87596534b9f23710becf51771a (patch)
tree	e3f390ae5845d6b655620c5aa7d8af54c0cceb57 /ssl/ssl_cert.c
parent	1180833643d7310573366b7e3d36e70c7defba9c (diff)