#include <openssl/ssl.h>
- void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
- int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb)(SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
=head1 DESCRIPTION
-SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is
+SSL_CTX_set_client_cert_cb() sets the I<client_cert_cb> callback, that is
called when a client certificate is requested by a server and no certificate
was yet set for the SSL object.
-When client_cert_cb() is NULL, no callback function is used.
+When I<client_cert_cb> is NULL, no callback function is used.
SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
function.
-client_cert_cb() is the application defined callback. If it wants to
+I<client_cert_cb> is the application defined callback. If it wants to
set a certificate, a certificate/private key combination must be set
-using the B<x509> and B<pkey> arguments and "1" must be returned. The
-certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
+using the I<x509> and I<pkey> arguments and "1" must be returned. The
+certificate will be installed into I<ssl>, see the NOTES and BUGS sections.
If no certificate should be set, "0" has to be returned and no certificate
will be sent. A negative return value will suspend the handshake and the
handshake function will return immediately. L<SSL_get_error(3)>
will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
suspended. The next call to the handshake function will again lead to the call
-of client_cert_cb(). It is the job of the client_cert_cb() to store information
+of I<client_cert_cb>. It is the job of the I<client_cert_cb> to store information
about the state of the last call, if required to continue.
=head1 NOTES
If the callback returns no certificate, the OpenSSL library will not send
a certificate.
+=head1 RETURN VALUES
+
+SSL_CTX_get_client_cert_cb() returns function pointer of I<client_cert_cb> or
+NULL if the callback is not set.
+
=head1 BUGS
-The client_cert_cb() cannot return a complete certificate chain, it can
+The I<client_cert_cb> cannot return a complete certificate chain, it can
only return one client certificate. If the chain only has a length of 2,
the root CA certificate may be omitted according to the TLS standard and
thus a standard conforming answer can be sent to the server. For a
=head1 SEE ALSO
-L<ssl(3)>, L<SSL_CTX_use_certificate(3)>,
+L<ssl(7)>, L<SSL_CTX_use_certificate(3)>,
L<SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_get_client_CA_list(3)>,
L<SSL_clear(3)>, L<SSL_free(3)>
=head1 COPYRIGHT
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.