On Fri, Jan 24, 2014, Jeffrey Walton wrote:
> What is the name of the function to set the callback described below?
>
> *) Add certificate callback. If set this is called whenever a certificate
> is required by client or server. An application can decide which
> certificate chain to present based on arbitrary criteria: for example
> supported signature algorithms. Add very simple example to s_server.
> This fixes many of the problems and restrictions of the existing client
> certificate callback: for example you can now clear an existing
> certificate and specify the whole chain.
> [Steve Henson]
>
> I'm using the latest from GIT, but I don't see anything that jumps out
> in s_server.c.
>
> I see SSL_CTX_set_tlsext_servername_callback and
> SSL_CTX_set_info_callback, but I think they have been available for
> some time and they don't appear to be specific for certificate
> selection.
It is OpenSSL 1.0.2+ only. The function is {SSL,SSL_CTX}_set_cert_cb.
Documentation to come, but in summary the callback has the form:
int set_cert_cb(SSL *ssl, void *arg);
Where "arg" is the value passed in the "set" function and "ssl" is the SSL
structure where a certificate is required. Unlike the client callback, this
function is always called by both client and server, and it is possible to
change the default certificate. Returns 1 for success and 0 for error.
There is an example in apps/s_cb.c which is used by both s_client and s_server.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org