diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 14:24:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-06-29 14:24:42 +0000 |
commit | 18d7158809c9722f4c6d2a8af7513577274f9b56 (patch) | |
tree | 21cf503b096928ae887c28b997622eb4ee6bfd70 /ssl/t1_lib.c | |
parent | 0f39bab0df4109bab7effc7428e1d759f36d8642 (diff) | |
download | openssl-18d7158809c9722f4c6d2a8af7513577274f9b56.tar.gz |
Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 46b3a4c9f9..6b0ddf2631 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3514,5 +3514,10 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC); } +/* User level utiity function to check a chain is suitable */ +int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) + { + return tls1_check_chain(s, x, pk, chain, -1); + } #endif |