Add new ctrl to retrieve client certificate types, print out

details in s_client. Also add ctrl to set client certificate types. If not used sensible values will be included based on supported signature algorithms: for example if we don't include any DSA signing algorithms the DSA certificate type is omitted. Fix restriction in old code where certificate types would be truncated if it exceeded TLS_CT_NUMBER.
author: Dr. Stephen Henson <steve@openssl.org> 2012-07-08 14:22:45 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-07-08 14:22:45 +0000
commit: 9f27b1eec3175305e62eed87faa80e231f319ca0 (patch)
tree: a75f48bb0f03a151081bdad6c7da0b1ae3777921 /ssl/ssl_locl.h
parent: 9fd603be07f4d486ad38fb107288731743e945be (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fd23a9c189..75128751c9 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -531,6 +531,13 @@ typedef struct cert_st
 	unsigned int cert_flags;
 	CERT_PKEY pkeys[SSL_PKEY_NUM];
 
+	/* Certificate types (received or sent) in certificate request
+	 * message. On receive this is only set if number of certificate
+	 * types exceeds SSL3_CT_NUMBER.
+	 */
+	unsigned char *ctypes;
+	size_t ctype_num;
+
 	/* signature algorithms peer reports: e.g. supported signature
 	 * algorithms extension for server or as part of a certificate
 	 * request for client.
author	Dr. Stephen Henson <steve@openssl.org>	2012-07-08 14:22:45 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-07-08 14:22:45 +0000
commit	9f27b1eec3175305e62eed87faa80e231f319ca0 (patch)
tree	a75f48bb0f03a151081bdad6c7da0b1ae3777921 /ssl/ssl_locl.h
parent	9fd603be07f4d486ad38fb107288731743e945be (diff)