Add certificate callback. If set, this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example,
supported signature algorithms. Add a very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example, you can now clear existing certificates
and specify the whole chain.
This commit is contained in:
Dr. Stephen Henson
2012-06-29 14:24:42 +00:00
parent 0f39bab0df
commit 18d7158809
14 changed files with 358 additions and 0 deletions

@@ -1357,6 +1357,14 @@ int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
goto f_err;
}
/* Let cert callback update server certificates if required */
if (s->cert->cert_cb
&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
{
al=SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
goto f_err;
}
ciphers=NULL;
c=ssl3_choose_cipher(s,s->session->ciphers,
SSL_get_ciphers(s));
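Review bot: the `<= 0` test on `s->cert->cert_cb(s, s->cert->cert_cb_arg)` collapses a negative return into the same fatal path as zero, so a callback cannot signal "not ready yet" the way the existing client certificate callback does with -1; if that retry case is intended, it needs its own branch (set `s->rwstate=SSL_X509_LOOKUP` and return -1 from ssl3_get_client_hello before raising an alert), and if it is not, the header comment for the callback should state that only a positive return is success. Separately, SSL_AD_INTERNAL_ERROR is a questionable alert for a callback that deliberately declines to present a chain; SSL_AD_HANDSHAKE_FAILURE describes that outcome more accurately to the peer. Placement before ssl3_choose_cipher is correct, since the chain the callback installs determines which key-exchange ciphers are usable, but note that this runs on every ClientHello, including renegotiation, so the callback must be cheap and idempotent.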