From b814c01a769342e65ba80efe0836614b41c2939a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Wed, 4 Jun 2008 12:03:57 +0000
Subject: Tidy up and add comments to selection code.
---
 engines/e_capi.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
(limited to 'engines')
diff --git a/engines/e_capi.c b/engines/e_capi.c
index f26afab6cf..f03d9c7c8a 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1526,7 +1526,7 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
 hstore = capi_open_store(ctx, storename);
 if (!hstore)
 return 0;
- /* Enumerate all certificates looking for a match */
+ /* Enumerate all certificates collect any matches */
 for(i = 0;;i++)
 {
 cert = CertEnumCertificatesInStore(hstore, cert);
@@ -1544,6 +1544,9 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
 key = capi_get_cert_key(ctx, cert);
 if (!key)
 continue;
+ /* Match found: attach extra data to it so
+ * we can retrieve the key later.
+ */
 excert = CertDuplicateCertificateContext(cert);
 X509_set_ex_data(x, cert_capi_idx, key);
@@ -1551,16 +1554,6 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
 certs = sk_X509_new_null();
 sk_X509_push(certs, x);
-#if 0
- pk = capi_get_pkey(e, key);
- if (!pk)
- {
- capi_free_key(key);
- continue;
- }
- *pcert = x;
- *pkey = pk;
-#endif
 }
 else
 X509_free(x);
@@ -1573,8 +1566,13 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
 if (!certs)
 return 0;
+
+ /* Select the appropriate certificate */
+
 client_cert_idx = client_cert_select(e, ssl, certs);
+ /* Set the selected certificate and free the rest */
+
 for(i = 0; i < sk_X509_num(certs); i++)
 {
 x = sk_X509_value(certs, i);
@@ -1593,6 +1591,8 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
 if (!*pcert)
 return 0;
+ /* Setup key for selected certificate */
+
 key = X509_get_ex_data(*pcert, cert_capi_idx);
 *pkey = capi_get_pkey(e, key);
 X509_set_ex_data(*pcert, cert_capi_idx, NULL);
--
cgit v1.2.3
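Review bot: In the hunk at `@@ -1544,6 +1544,9 @@` the result of `X509_set_ex_data(x, cert_capi_idx, key);` is discarded, so if the attach fails `key` is left with no owner and the later `X509_get_ex_data()` lookup yields NULL. The next hunk (`@@ -1551,16 +1554,6 @@`) has the same gap on `certs = sk_X509_new_null();` and `sk_X509_push(certs, x);`. I would test each return value and release the handle on failure, for example `if (!X509_set_ex_data(x, cert_capi_idx, key)) { capi_free_key(key); continue; }`. The loop body starts and ends outside both hunks, so how `x` is released on that path has to be checked against the full function.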
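Review bot: In the last hunk (`@@ -1593,6 +1591,8 @@`) `*pkey = capi_get_pkey(e, key);` is not checked before the next line clears the ex_data slot, whereas the `#if 0` block this commit deletes treated a NULL result as an error and called `capi_free_key(key)`. On failure the visible lines drop the only stored reference to `key`, and the caller may be handed a certificate without a usable private key. Suggest adding `if (!*pkey) capi_free_key(key);` after the call and making the function return 0 in that case, and extending the new comment to say who owns `key` once `capi_get_pkey()` succeeds. The function continues past the end of the hunk, so the actual return path is not visible here.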