Add certificate callback. If set this is called whenever a certificate
[openssl.git] / ssl / s3_srvr.c
index 29c5b9732664d2ef75019e4d2a18764c40a3f2f4..f6ab29cd79ba63e60cabd2af0e8d2d7fa7ff39fa 100644 (file)
@@ -1358,6 +1358,14 @@ int ssl3_get_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
                        goto f_err;
                        }
+               /* Let cert callback update server certificates if required */
+               if (s->cert->cert_cb
+                       && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
+                       {
+                       al=SSL_AD_INTERNAL_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
+                       goto f_err;
+                       }
                ciphers=NULL;
                c=ssl3_choose_cipher(s,s->session->ciphers,
                                     SSL_get_ciphers(s));
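Review bot: The comment added above the `cert_cb` call does not state the callback's return contract, and the `<= 0` test treats zero and negative results the same way, so every non-positive return ends the handshake with `SSL_AD_INTERNAL_ERROR` and `SSL_R_CERT_CB_ERROR`. I would spell that out in the comment, e.g. `/* Let cert callback update server certificates if required: it must return > 0, any other value aborts the handshake with internal_error */`. The call sits immediately before `ssl3_choose_cipher()`, so the comment should also say that the certificate the callback installs is presumably the one cipher selection will see. It runs on connection state derived from the peer's ClientHello, so callback implementations should treat what they read from `s` as untrusted input. The body of ssl3_get_client_hello starts and ends outside the hunk, so whether this path is also reached on session resumption or renegotiation cannot be confirmed from here.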
@@ -2069,7 +2077,7 @@ int ssl3_send_certificate_request(SSL *s)
 
                if (TLS1_get_version(s) >= TLS1_2_VERSION)
                        {
-                       nl = tls12_get_req_sig_algs(s, p + 2);
+                       nl = tls12_get_sig_algs(s, p + 2);
                        s2n(nl, p);
                        p += nl + 2;
                        n += nl + 2;