Mark Crispin wrote:
No, c-client does not have any support for SSL client certificates.
OK, doesn't seem like it will be too difficult to add, so I'll hack on it. Thanks.
The [GS]ET_SSLCERTIFICATEQUERY mail_parameter() callback routine is used to allow the application a chance to decide whether to proceed or abort if the *server* certificate fails validation.
Ahh, that explains why it just returns an int result, then.
If I implement this, would it be more consistent to make it a callback route that returns a pointer to an allocated chunk of memory (with the caller responsible for freeing), or a parameter where I actually pass in the PEM-encoded string and c-client duplicates it into its own memory? c-client will only need the certificate for a very short time (to make two calls into the SSL library during the context setup), so I don't think it makes sense to keep a copy of it in c-client's memory space...
