CHANGES +3 −0 @@ -4,6 +4,9 @@ Changes between 0.9.8g and 0.9.9 [xx XXX xxxx] *) Expand ENGINE to support engine supplied SSL client certificate functions. [Steve Henson] *) Revamp of LHASH to provide stronger type-checking. Still to come: STACK, TXT_DB, bsearch, qsort. [Ben Laurie]
ssl/d1_clnt.c +1 −2 @@ -1096,8 +1096,7 @@ int dtls1_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; if (s->ctx->client_cert_cb != NULL) i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP;
ssl/s3_clnt.c +22 −2 @@ -160,6 +160,9 @@ #include <openssl/dh.h> #endif #include <openssl/bn.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif static const SSL_METHOD *ssl3_get_client_method(int ver); static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); @@ -2723,8 +2726,7 @@ int ssl3_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; if (s->ctx->client_cert_cb != NULL) i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP; @@ -2948,3 +2950,21 @@ static int ssl3_check_finished(SSL *s) return 1; } #endif int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { int i = 0; #ifndef OPENSSL_NO_ENGINE if (s->ctx->client_cert_engine) { i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL); if (i != 0) return i; } #endif if (s->ctx->client_cert_cb) i = s->ctx->client_cert_cb(s,px509,ppkey); return i; }
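Review bot: ssl_do_client_cert_cb returns any nonzero engine result unchanged (`if (i != 0) return i;`), so a negative value from ENGINE_load_ssl_client_cert reaches the call sites in ssl3_send_client_certificate and in dtls1_send_client_certificate (ssl/d1_clnt.c), where `i < 0` sets `s->rwstate=SSL_X509_LOOKUP` and the handshake is parked for a retry. The engine's return contract is not visible on this page; if an engine can report a hard failure with a negative value, that failure would be indistinguishable from "ask again later" and should be mapped to an error instead. The helper is also undocumented, and I would add a comment above it along the lines of `/* Try the client-cert engine first, then client_cert_cb; <0 = retry later, 0 = no certificate, >0 = *px509 and *ppkey set. */`. When the engine returns 0 the application callback then runs on the same px509/ppkey, so the comment should state that the engine must leave both untouched in that case, otherwise a partially filled pair could be leaked or mixed with the callback's output.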
ssl/ssl.h +7 −0 @@ -798,6 +798,12 @@ struct ssl_ctx_st */ unsigned int max_send_fragment; #ifndef OPENSSL_ENGINE /* Engine to pass requests for client certs to */ ENGINE *client_cert_engine; #endif #ifndef OPENSSL_NO_TLSEXT /* TLS extensions servername callback */ int (*tlsext_servername_callback)(SSL*, int *, void *); @@ -879,6 +885,7 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type, void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
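Review bot: The new member of struct ssl_ctx_st is guarded by `#ifndef OPENSSL_ENGINE`, whereas ssl/s3_clnt.c in this same commit guards both the include and the use of `client_cert_engine` with `OPENSSL_NO_ENGINE`; this looks like a typo and the guard should read `#ifndef OPENSSL_NO_ENGINE`. As written, and assuming OPENSSL_ENGINE is never defined by the build, the field is present in no-engine builds too, so the struct layout does not follow the configuration option that controls its only reader. The prototype `SSL_CTX_set_client_cert_engine` added in the second hunk is unguarded and undocumented; a short comment stating whether the SSL_CTX takes its own reference on `e` and what the return value means would let callers manage the engine's lifetime correctly. struct ssl_ctx_st begins and ends outside the hunk, so its initialisation and cleanup of the new field cannot be checked from here.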
ssl/ssl_locl.h +1 −0 @@ -927,6 +927,7 @@ int ssl3_get_cert_status(SSL *s); int ssl3_get_server_done(SSL *s); int ssl3_send_client_verify(SSL *s); int ssl3_send_client_certificate(SSL *s); int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); int ssl3_send_client_key_exchange(SSL *s); int ssl3_get_key_exchange(SSL *s); int ssl3_get_server_certificate(SSL *s);