On Fri, 2 Jan 2026 at 20:26, <[email protected]> wrote:

> Author: brane
> Date: Fri Jan  2 19:26:19 2026
> New Revision: 1931058
>

> Log:
> Split the client certificate callback implementation into two functions,
> one that uses OSSL_STORE and the ancient/original that reads PKCS#12 files.
>
> * buckets/ssl_buckets.c
>   (ssl_read_client_cert_uri): New, conditionally present. Reads certificates
>    and private keys from a keystore, which can be a PKCS#12 file or an
>    OS-specific certificate store URI. The implementation was moved from
>    ssl_need_client_cert() with minor changes.
>
>   (ssl_need_client_cert): Delegate to ssl_read_client_cert_uri() first, then
>    continue with the file-based attempt if no certificates were found.
>
> Modified:
>    serf/trunk/buckets/ssl_buckets.c
>
> Modified: serf/trunk/buckets/ssl_buckets.c
>
> ==============================================================================
> --- serf/trunk/buckets/ssl_buckets.c    Fri Jan  2 14:10:38 2026
> (r1931057)
> +++ serf/trunk/buckets/ssl_buckets.c    Fri Jan  2 19:26:19 2026
> (r1931058)
>

...

> @@ -1857,9 +1833,44 @@ static int ssl_need_client_cert(SSL *ssl
>                                     ctx->cert_pw_cache_pool);
>          }
>
> +        result = 1;
> +    }
> +
> +  cleanup:
> +    sk_X509_pop_free(leaves, X509_free);
> +    sk_X509_pop_free(intermediates, X509_free);
> +    sk_EVP_PKEY_pop_free(keys, EVP_PKEY_free);
> +    X509_STORE_free(requests);
> +    UI_destroy_method(ui_method);
> +
> +    return result;
> +}
> +
> +#endif
> +
> +static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
> +{
> +    serf_ssl_context_t *ctx = SSL_get_app_data(ssl);
> +#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)
> +#endif
>
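
Review bot: The `#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)` / `#endif` pair right after the `ctx` declaration in ssl_need_client_cert() encloses nothing in the lines quoted here, so the delegation to ssl_read_client_cert_uri() that the log message describes is not visible at this point. If the call lives further down under a second guard, drop this empty pair; otherwise put the call and its early return on success inside it, so that the OSSL_STORE path is actually tried before the PKCS#12 file fallback.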

Am I missing something here or is this a no-op?

/Daniel
