From: Dr. Stephen Henson Date: Sun, 1 Jun 2008 22:45:08 +0000 (+0000) Subject: Allow ENGINE client cert callback to specify a set of other certs, for X-Git-Tag: OpenSSL_0_9_8k^2~362 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3fc59c84061373c285eb90c4b8fae075a28daaf3 Allow ENGINE client cert callback to specify a set of other certs, for the rest of the certificate chain. Currently unused. --- diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index fd4c5e9ec3..1dfa2e3664 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -167,7 +167,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, - UI_METHOD *ui_method, void *callback_data) + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) { if(e == NULL) @@ -191,6 +191,6 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, ENGINE_R_NO_LOAD_FUNCTION); return 0; } - return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, + return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, ui_method, callback_data); } diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 5bf1e92c55..1f72b1613e 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -282,7 +282,7 @@ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, UI_METHOD *ui_method, void *callback_data); typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, - UI_METHOD *ui_method, void *callback_data); + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); /* These callback types are for an ENGINE's handler for cipher and digest logic. * These handlers have these prototypes; * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); 
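Review bot: In the second eng_pkey.c hunk (`@@ -191`), `pother` is handed to `e->load_ssl_client_cert` exactly as received, so what a caller finds in `*pother` after a return of 0, or after a handler that never touches the new argument, depends entirely on the engine. Clearing the output before dispatch would make that deterministic: `if (pother != NULL) *pother = NULL;` placed just ahead of the `return e->load_ssl_client_cert(...)` line. The NULL test is needed because the one caller in this patch, `ssl_do_client_cert_cb` in ssl/s3_clnt.c, passes NULL for it. The function's opening lines are in the previous hunk and part of its body lies outside both.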
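Review bot: `ENGINE_SSL_CLIENT_CERT_PTR` gains `pother` in the sixth position rather than at the end, so `ui_method` and `callback_data` each move one slot; an engine built against the previous typedef would be called with a `STACK_OF(X509) **` where it expects a `UI_METHOD *`. For engines compiled in-tree a compiler can flag the mismatched handler, but for engines loaded at run time nothing in this diff rejects an old binary. If that case matters, it is worth confirming that the dynamic-engine compatibility check (`OSSL_DYNAMIC_VERSION` / `OSSL_DYNAMIC_OLDEST`, not shown here) is adjusted alongside this change, and recording the incompatibility in a comment above the typedef. The same reordering applies to the `ENGINE_load_ssl_client_cert` prototype in the `@@ -564` hunk and to the definition in eng_pkey.c.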
@@ -564,6 +564,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); /* This returns a pointer for the current ENGINE structure that diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 8f96120d2e..e339dbc431 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2959,7 +2959,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, SSL_get_client_CA_list(s), - px509, ppkey, NULL, NULL); + px509, ppkey, NULL, NULL, NULL); if (i != 0) return i; }
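Review bot: The public prototype in the `@@ -564` hunk gets the new `pother` argument with no comment, so neither callers nor engine authors can tell from the header whether it may be NULL or who releases the returned stack. The call in ssl/s3_clnt.c passes NULL, which means every handler has to test the pointer before storing through it; ownership cannot be determined from this diff and should be stated by the author. Something like `/* pother may be NULL when the caller does not want the chain; otherwise *pother is set to the extra certificates, which the caller frees. */` above the declaration would cover it, with the ownership half adjusted to the intended contract. The typedef in the `@@ -282` hunk would benefit from the same comment.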