Tidy up and add comments to selection code.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)
engines/e_capi.c

index f26afab..f03d9c7 100644 (file)
@@ -1526,7 +1526,7 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
        hstore = capi_open_store(ctx, storename);
        if (!hstore)
                return 0;
-       /* Enumerate all certificates looking for a match */
+       /* Enumerate all certificates collect any matches */
        for(i = 0;;i++)
                {
                cert = CertEnumCertificatesInStore(hstore, cert);
@@ -1544,6 +1544,9 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
                        key = capi_get_cert_key(ctx, cert);
                        if (!key)
                                continue;
+                       /* Match found: attach extra data to it so
+                        * we can retrieve the key later.
+                        */
                        excert = CertDuplicateCertificateContext(cert);
                        X509_set_ex_data(x, cert_capi_idx, key);
 
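Review bot: The return value of `X509_set_ex_data(x, cert_capi_idx, key)` is ignored on the line under the new comment, so if attaching fails nothing owns the key handle and the later `X509_get_ex_data` lookup returns NULL. A guard such as `if (!X509_set_ex_data(x, cert_capi_idx, key)) { capi_free_key(key); X509_free(x); continue; }` would keep the failure local. The comment could also name the object and the owner, for example `/* Match found: attach the CAPI key to the X509 so it can be retrieved, or freed, after selection. */`. `excert` is assigned here but not used in the visible lines; the loop body continues outside the hunk, so confirm the duplicated context is consumed or released there.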
@@ -1551,16 +1554,6 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
                                certs = sk_X509_new_null();
 
                        sk_X509_push(certs, x);
-#if 0
-                       pk = capi_get_pkey(e, key);
-                       if (!pk)
-                               {
-                               capi_free_key(key);
-                               continue;
-                               }
-                       *pcert = x;
-                       *pkey = pk;
-#endif
                        }
                else
                        X509_free(x);
@@ -1573,8 +1566,13 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
        if (!certs)
                return 0;
 
+
+       /* Select the appropriate certificate */
+
        client_cert_idx = client_cert_select(e, ssl, certs);
 
+       /* Set the selected certificate and free the rest */
+
        for(i = 0; i < sk_X509_num(certs); i++)
                {
                x = sk_X509_value(certs, i);
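Review bot: The added comment `/* Select the appropriate certificate */` does not say what `client_cert_select` returns when no certificate is chosen, and the loop that follows depends on that value to decide which entry survives and which are freed. Since this index determines which client identity is presented to the peer, the contract is worth stating, for example `/* Select a certificate: result is an index into certs; an out-of-range value means none was chosen */`, assuming that is the actual behaviour (the function is not visible here). The hunk also introduces two consecutive blank lines before the comment. The loop body continues outside the hunk.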
@@ -1593,6 +1591,8 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
        if (!*pcert)
                return 0;
 
+       /* Setup key for selected certificate */
+
        key = X509_get_ex_data(*pcert, cert_capi_idx);
        *pkey = capi_get_pkey(e, key);
        X509_set_ex_data(*pcert, cert_capi_idx, NULL);
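Review bot: The result of `capi_get_pkey(e, key)` is not checked in the lines under the new comment, whereas the `#if 0` block this commit deletes freed the key and skipped the certificate when it returned NULL. If the function reports success after these lines (its end is outside the hunk), a caller could receive `*pcert` set with `*pkey` NULL. `key` itself may also be NULL here if the earlier `X509_set_ex_data` call failed. A check such as `if (!*pkey) { capi_free_key(key); return 0; }` after the ex_data is cleared would restore the old handling; whether `*pcert` must also be released on that path depends on the caller's contract.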