Allow ENGINE client cert callback to specify a set of other certs, for

author Dr. Stephen Henson <steve@openssl.org>

Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)
diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c

index fd4c5e9ec3554976068a0e3bee2b1f8816ca9fa4..1dfa2e366451e9436c30f052d2e36faf2522c628 100644 (file)
--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@@ -167,7 +167,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
  
  int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
         STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-       UI_METHOD *ui_method, void *callback_data)
+       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
         {
  
         if(e == NULL)
@@ -191,6 +191,6 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
                         ENGINE_R_NO_LOAD_FUNCTION);
                 return 0;
                 }
-       return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey,
+       return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
                                         ui_method, callback_data);
         }
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h

index 5bf1e92c55f9fb600a4ddca6bd30d0c9a133637b..1f72b1613ec40a7fde91b4e8b86dee0b664385e5 100644 (file)
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -282,7 +282,7 @@ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
         UI_METHOD *ui_method, void *callback_data);
  typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
         STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-       UI_METHOD *ui_method, void *callback_data);
+       STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
  /* These callback types are for an ENGINE's handler for cipher and digest logic.
   * These handlers have these prototypes;
   *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@@ -564,6 +564,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
         UI_METHOD *ui_method, void *callback_data);
  int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
         STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+       STACK_OF(X509) **pother,
         UI_METHOD *ui_method, void *callback_data);
  
  /* This returns a pointer for the current ENGINE structure that
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 8f96120d2e963b5719b8b650dde16834fed9933b..e339dbc431365277f1091ec5f4daf35fb7a502df 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2959,7 +2959,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
                 {
                 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
                                                 SSL_get_client_CA_list(s),
-                                               px509, ppkey, NULL, NULL);
+                                               px509, ppkey, NULL, NULL, NULL);
                 if (i != 0)
                         return i;
                 }
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)
crypto/engine/eng_pkey.c		patch \| blob \| history
crypto/engine/engine.h		patch \| blob \| history
ssl/s3_clnt.c		patch \| blob \| history