author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 14:43:51 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 14:43:51 +0000 |
commit | 623a5e24cbec899d21a0cc90f74071e511072c30 (patch) | |
tree | 09387127dc4b1353fc8443f4347f781b7c66f56c /ssl/tls1.h | |
parent | bd9fc1d6673f110411d03d2c2c80a25dbb5339dc (diff) |
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
(backport from HEAD)
Diffstat (limited to 'ssl/tls1.h')
-rw-r--r-- | ssl/tls1.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h index e2acad4d70..4d087e0a2b 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -318,6 +318,8 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, unsigned char *rsig, unsigned char *rhash); +int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + #define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) |
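Review bot: the new `SSL_check_chain()` prototype is added with no comment saying what its `int` return value means or which of `x`, `pk` and `chain` may be NULL. A caller reading only this header cannot tell whether the result is a boolean, a set of flags or an error code. Since the commit message says applications will use this to pick a certificate chain, a wrong guess leads to selecting a chain the peer will reject. Please add a short comment above the declaration describing the return value and the NULL handling, and state whether the function takes ownership of or only borrows `chain`. It is also worth confirming that the declaration belongs in `tls1.h` next to `SSL_get_shared_sigalgs()` rather than with the other certificate functions, and that a matching manual page entry accompanies it.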