generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add certificate callback. If set this is called whenever a certificate

Browse Source 
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
This commit is contained in:
Dr. Stephen Henson
2012-06-29 14:24:42 +00:00
parent 0f39bab0df
commit 18d7158809
14 changed files with 358 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/s_apps.h
View File

@@ -181,3 +181,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
typedef struct ssl_excert_st SSL_EXCERT;
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
void ssl_excert_free(SSL_EXCERT *exc);
int args_excert(char ***pargs, int *pargc,
int *badarg, BIO *err, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc, BIO *err);