Commit fc6fc7ff authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add options to set additional type-specific certificate chains to s_server.
parent adfd95c2
+2 −1
@@ -154,7 +154,8 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
							STACK_OF(X509) *chain);
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s);
#endif
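Review bot: The new `chain` parameter on set_cert_key_stuff() is declared without any statement of whether it may be NULL or who owns the stack afterwards, and the header is the only place a caller of the helper will look. Both callers in this commit pass NULL in some paths, and the implementation hands the stack to SSL_CTX_set1_chain(), whose set1 naming means the context takes its own copy rather than the caller's reference; I would put that on the prototype: `/* chain may be NULL; it is copied into ctx, so the caller still owns and must free it */`. The surrounding `#ifdef HEADER_SSL_H` group starts before the hunk.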
+8 −1
@@ -250,7 +250,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
	return(1);
	}

int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
							STACK_OF(X509) *chain)
	{
	if (cert ==  NULL)
		return 1;
@@ -275,6 +276,12 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
		BIO_printf(bio_err,"Private key does not match the certificate public key\n");
		return 0;
		}
	if (chain && !SSL_CTX_set1_chain(ctx, chain))
		{
		BIO_printf(bio_err,"error setting certificate chain\n");
		ERR_print_errors(bio_err);
		return 0;
		}
	return 1;
	}
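Review bot: A non-NULL `chain` is silently discarded when `cert` is NULL, because the early `if (cert == NULL) return 1;` in the first hunk runs before the new SSL_CTX_set1_chain() call in the second hunk, so a user who combines -cert_chain with -nocert gets no diagnostic at all. A one-line warning before that return, `if (chain) BIO_printf(bio_err, "certificate chain ignored: no certificate\n");`, would make the drop visible. The placement of the new call is also load-bearing and deserves a comment, since SSL_CTX_set1_chain() attaches the stack to the certificate most recently loaded into ctx, which is why it has to follow the SSL_CTX_use_certificate() and check_private_key steps that lie between the two hunks; I would add `/* Must come after SSL_CTX_use_certificate(): the chain binds to the current certificate */` above the `if (chain && ...)` line. The middle of set_cert_key_stuff() is outside the visible hunks.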

+1 −1
@@ -1170,7 +1170,7 @@ bad:
#endif

	SSL_CTX_set_verify(ctx,verify,verify_callback);
	if (!set_cert_key_stuff(ctx,cert,key))
	if (!set_cert_key_stuff(ctx,cert,key, NULL))
		goto end;

	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+32 −5
@@ -270,12 +270,12 @@ extern int verify_depth, verify_return_error;
static char *cipher=NULL;
static int s_server_verify=SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
static char *curves=NULL;
#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL;
static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
#ifdef FIONBIO
static int s_nbio=0;
#endif
@@ -435,8 +435,10 @@ static void s_server_init(void)
	s_server_verify=SSL_VERIFY_NONE;
	s_dcert_file=NULL;
	s_dkey_file=NULL;
	s_dchain_file=NULL;
	s_cert_file=TEST_CERT;
	s_key_file=NULL;
	s_chain_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
	curves=NULL;
	s_cert_file2=TEST_CERT2;
@@ -961,6 +963,7 @@ int MAIN(int argc, char *argv[])
	char *dpassarg = NULL, *dpass = NULL;
	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
	X509 *s_cert = NULL, *s_dcert = NULL;
	STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
	int no_cache = 0, ext_cache = 0;
#ifndef OPENSSL_NO_TLSEXT
@@ -1061,6 +1064,11 @@ int MAIN(int argc, char *argv[])
			if (--argc < 1) goto bad;
			passarg = *(++argv);
			}
		else if	(strcmp(*argv,"-cert_chain") == 0)
			{
			if (--argc < 1) goto bad;
			s_chain_file= *(++argv);
			}
		else if	(strcmp(*argv,"-dhparam") == 0)
			{
			if (--argc < 1) goto bad;
@@ -1098,6 +1106,11 @@ int MAIN(int argc, char *argv[])
			if (--argc < 1) goto bad;
			s_dkey_file= *(++argv);
			}
		else if	(strcmp(*argv,"-dcert_chain") == 0)
			{
			if (--argc < 1) goto bad;
			s_dchain_file= *(++argv);
			}
		else if (strcmp(*argv,"-nocert") == 0)
			{
			nocert=1;
@@ -1434,6 +1447,13 @@ bad:
			ERR_print_errors(bio_err);
			goto end;
			}
		if (s_chain_file)
			{
			s_chain = load_certs(bio_err, s_chain_file,FORMAT_PEM,
					NULL, e, "server certificate chain");
			if (!s_chain)
				goto end;
			}

#ifndef OPENSSL_NO_TLSEXT
		if (tlsextcbp.servername) 
@@ -1497,6 +1517,13 @@ bad:
			ERR_print_errors(bio_err);
			goto end;
			}
		if (s_dchain_file)
			{
			s_dchain = load_certs(bio_err, s_dchain_file,FORMAT_PEM,
				NULL, e, "second server certificate chain");
			if (!s_dchain)
				goto end;
			}

		}

@@ -1760,15 +1787,15 @@ bad:
		}
#endif
	
	if (!set_cert_key_stuff(ctx,s_cert,s_key))
	if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain))
		goto end;
#ifndef OPENSSL_NO_TLSEXT
	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2, NULL))
		goto end; 
#endif
	if (s_dcert != NULL)
		{
		if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
		if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain))
			goto end;
		}
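Review bot: The stacks loaded into `s_chain` and `s_dchain` in the hunks at 1434 and 1497 are never released in any visible hunk, and since set_cert_key_stuff() hands them to SSL_CTX_set1_chain(), which copies rather than adopts the stack, the caller's references remain live; unless the `end:` cleanup (outside these hunks) was updated, both leak on every exit path, including the `goto end` right after a failed second load. The fix is two lines alongside the existing X509_free/EVP_PKEY_free calls at `end:`, `if (s_chain) sk_X509_pop_free(s_chain, X509_free);` and `if (s_dchain) sk_X509_pop_free(s_dchain, X509_free);`. Separately, the new -cert_chain and -dcert_chain options hard-code FORMAT_PEM in load_certs() while the matching certificates honour s_cert_format/s_dcert_format, and no sv_usage() text appears in the hunks; if none was added, the usage output should gain the two options and say they take a PEM file regardless of -certform. MAIN() begins and ends outside the visible hunks.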