From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod | 77 ++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod (limited to 'openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod') diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod new file mode 100644 index 0000000..eaa7a4e --- /dev/null +++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_cb.pod @@ -0,0 +1,77 @@ +=pod + +=head1 NAME + +SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg); + void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); + + int (*cert_cb)(SSL *ssl, void *arg); + +=head1 DESCRIPTION + +SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, +B value is pointer which is passed to the application callback. + +When cert_cb() is NULL, no callback function is used. + +cert_cb() is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed B structure and set or clear any appropriate certificates. If +the callback is successful it B return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +L will return SSL_ERROR_WANT_X509_LOOKUP to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of cert_cb(). It is the job of the +cert_cb() to store information about the state of the last call, +if required to continue. + +=head1 NOTES + +An application will typically call SSL_use_certificate() and +SSL_use_PrivateKey() to set the end entity certificate and private key. +It can add intermediate and optionally the root CA certificates using +SSL_add1_chain_cert(). + +It might also call SSL_certs_clear() to delete any certificates associated +with the B object. + +The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is B called even is a certificate is already set so the callback +can modify or delete the existing certificate. + +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLS v1.0 might receive a certificate chain signed using SHA1 whereas a +TLS v1.2 client which advertises support for SHA256 could receive a chain +using SHA256. + +Normal server sanity checks are performed on any certificates set +by the callback. So if an EC chain is set for a curve the client does not +support it will B be used. + +=head1 SEE ALSO + +L, L, +L, +L, +L, L + +=head1 COPYRIGHT + +Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut -- cgit v1.2.3