Add certificate callback. If set this is called whenever a certificate

is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
author: Dr. Stephen Henson <steve@openssl.org> 2012-06-29 14:24:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-06-29 14:24:42 +0000
commit: 18d7158809c9722f4c6d2a8af7513577274f9b56 (patch)
tree: 21cf503b096928ae887c28b997622eb4ee6bfd70 /ssl/ssl_err.c
parent: 0f39bab0df4109bab7effc7428e1d759f36d8642 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 3b32f55e44..34695e8ebf 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -356,6 +356,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_CA_DN_TOO_LONG)        ,"ca dn too long"},
 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    ,"ccs received early"},
 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
+{ERR_REASON(SSL_R_CERT_CB_ERROR)         ,"cert cb error"},
 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  ,"cert length mismatch"},
 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
author	Dr. Stephen Henson <steve@openssl.org>	2012-06-29 14:24:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-06-29 14:24:42 +0000
commit	18d7158809c9722f4c6d2a8af7513577274f9b56 (patch)
tree	21cf503b096928ae887c28b997622eb4ee6bfd70 /ssl/ssl_err.c
parent	0f39bab0df4109bab7effc7428e1d759f36d8642 (diff)