authorDr. Stephen Henson <steve@openssl.org>2012-12-26 14:43:51 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-12-26 14:43:51 +0000
commit623a5e24cbec899d21a0cc90f74071e511072c30 (patch)
tree09387127dc4b1353fc8443f4347f781b7c66f56c /ssl/tls1.h
parentbd9fc1d6673f110411d03d2c2c80a25dbb5339dc (diff)
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain. (backport from HEAD)
Diffstat (limited to 'ssl/tls1.h')
-rw-r--r--ssl/tls1.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h
index e2acad4d70..4d087e0a2b 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -318,6 +318,8 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
#define SSL_set_tlsext_host_name(s,name) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
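Review bot: The new `SSL_check_chain` prototype is added to a public header with no comment saying what its `int` result means. The commit message says applications use this to decide which certificate chain to present, so a caller who reads a flags-style result as a plain boolean (or the reverse) could select a chain the peer cannot accept. The header should also say whether `x`, `pk` and `chain` may be NULL and whether the call keeps references to them. I would add something like `/* Check whether x/pk/chain is usable on s. Returns <encoding>; 0 means <meaning>. Arguments are not retained. */` above the declaration, with the placeholders and the ownership statement confirmed against the implementation, which is outside this file's diff.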