A more advanced callback might examine the handshake parameters and set
whatever chain is appropriate. For example a legacy client supporting only
-TLS v1.0 might receive a certificate chain signed using SHA1 whereas a
-TLS v1.2 client which advertises support for SHA256 could receive a chain
-using SHA256.
+TLSv1.0 might receive a certificate chain signed using SHA1 whereas a
+TLSv1.2 or later client which advertises support for SHA256 could receive a
+chain using SHA256.
Normal server sanity checks are performed on any certificates set
by the callback. So if an EC chain is set for a curve the client does not
support it will B<not> be used.
+=head1 RETURN VALUES
+
+SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values.
+
=head1 SEE ALSO
L<ssl(7)>, L<SSL_use_certificate(3)>,
=head1 COPYRIGHT
-Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
projects / openssl.git / blobdiff