generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

New ctrl to set current certificate.

Browse Source 
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
(cherry picked from commit 0f78819c8c)
This commit is contained in:
Dr. Stephen Henson
2014-02-02 02:51:30 +00:00
parent 1180833643
commit e2f06800bc
6 changed files with 73 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/ssl.h
View File

@@ -1870,6 +1870,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_CHAIN_CERTS 115
#define SSL_CTRL_SELECT_CURRENT_CERT 116
#define SSL_CTRL_SET_CURRENT_CERT 117
#define SSL_CERT_SET_FIRST 1
#define SSL_CERT_SET_NEXT 2
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1929,6 +1933,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTX_select_current_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
#define SSL_CTX_set_current_cert(ctx, op) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
#define SSL_CTX_set0_verify_cert_store(ctx,st) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
#define SSL_CTX_set1_verify_cert_store(ctx,st) \
@@ -1954,6 +1961,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
#define SSL_select_current_cert(ctx,x509) \
SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
#define SSL_set_current_cert(ctx,op) \
SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
#define SSL_set0_verify_cert_store(s,st) \
SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)