generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add certificate callback. If set this is called whenever a certificate

Browse Source 
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
This commit is contained in:
Dr. Stephen Henson
2012-06-29 14:24:42 +00:00
parent 0f39bab0df
commit 18d7158809
14 changed files with 358 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/ssl_lib.c
View File

@@ -2048,6 +2048,16 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(c->cert, cb, arg);
}
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(s->cert, cb, arg);
}
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
CERT_PKEY *cpk;