generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow ENGINE client cert callback to specify a set of other certs, for

Browse Source 
the rest of the certificate chain. Currently unused.
This commit is contained in:
Dr. Stephen Henson 2008-06-01 22:45:08 +00:00
parent c61915c659
commit 3fc59c8406
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/engine/eng_pkey.c
View File

@ -167,7 +167,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
UI_METHOD *ui_method, void *callback_data) STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
{ {
if(e == NULL) if(e == NULL)
@ -191,6 +191,6 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
ENGINE_R_NO_LOAD_FUNCTION); ENGINE_R_NO_LOAD_FUNCTION);
return 0; return 0;
} }
return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
ui_method, callback_data); ui_method, callback_data);
} }

3
crypto/engine/engine.h
View File

@ -282,7 +282,7 @@ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
UI_METHOD *ui_method, void *callback_data); UI_METHOD *ui_method, void *callback_data);
typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
UI_METHOD *ui_method, void *callback_data); STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
/* These callback types are for an ENGINE's handler for cipher and digest logic. /* These callback types are for an ENGINE's handler for cipher and digest logic.
* These handlers have these prototypes; * These handlers have these prototypes;
* int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@ -564,6 +564,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data); UI_METHOD *ui_method, void *callback_data);
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
STACK_OF(X509) **pother,
UI_METHOD *ui_method, void *callback_data); UI_METHOD *ui_method, void *callback_data);
/* This returns a pointer for the current ENGINE structure that /* This returns a pointer for the current ENGINE structure that

2
ssl/s3_clnt.c
View File

@ -2959,7 +2959,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{ {
i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
SSL_get_client_CA_list(s), SSL_get_client_CA_list(s),
px509, ppkey, NULL, NULL); px509, ppkey, NULL, NULL, NULL);
if (i != 0) if (i != 0)
return i; return i;
} }