From 59d2d48f6470b6ef5e8c385c34dea1f253bfed62 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 3 Jun 2008 11:26:27 +0000 Subject: [PATCH] Add support for client cert engine setting in s_client app. Add appropriate #ifdefs round client cert functions in headers. --- apps/s_client.c | 33 ++++++++++++++++++++++++++++++++- crypto/engine/engine.h | 6 +++--- ssl/ssl.h | 2 ++ 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index ad8760cce5..f68553234d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -404,7 +404,8 @@ int MAIN(int argc, char **argv) int mbuf_len=0; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; - ENGINE *e=NULL; + char *ssl_client_engine_id=NULL; + ENGINE *e=NULL, *ssl_client_engine=NULL; #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) struct timeval tv; @@ -670,6 +671,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine_id = *(++argv); } + else if (strcmp(*argv,"-ssl_client_engine") == 0) + { + if (--argc < 1) goto bad; + ssl_client_engine_id = *(++argv); + } #endif else if (strcmp(*argv,"-rand") == 0) { @@ -705,6 +711,17 @@ bad: #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) + { + ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); + if (!ssl_client_engine) + { + BIO_printf(bio_err, + "Error getting client auth engine\n"); + goto end; + } + } + #endif if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { @@ -772,6 +789,20 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE + if (ssl_client_engine) + { + if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) + { + BIO_puts(bio_err, "Error setting client auth engine\n"); + ERR_print_errors(bio_err); + ENGINE_free(ssl_client_engine); + goto end; + } + ENGINE_free(ssl_client_engine); + } +#endif + #ifndef OPENSSL_NO_PSK if (psk_key != NULL) { 
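Review bot: The `-ssl_client_engine` option added in the `@@ -670,6 +671,11 @@` hunk is parsed but not documented, since none of the four apps/s_client.c hunks in this patch touches the usage text. I would add a usage entry beside the existing `-engine` one, inside the same `#ifndef OPENSSL_NO_ENGINE` guard, worded along the lines of `-ssl_client_engine id - engine used to select the client certificate and key`. It should also say how the option interacts with `-cert`/`-key`, which this patch does not show. The option loop and the usage routine both lie outside the hunk, so placement has to be checked against the full file.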
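Review bot: When `ENGINE_by_id()` fails in the `@@ -705,6 +711,17 @@` hunk, only the fixed string "Error getting client auth engine" is printed, so the library's own reason (for example an id that does not resolve) never reaches the user. The `SSL_CTX_set_client_cert_engine` failure path added later in this patch does call `ERR_print_errors`. Adding `ERR_print_errors(bio_err);` before the `goto end;` makes the two paths consistent and a misconfigured engine diagnosable. A one-line comment such as `/* reference is released after SSL_CTX_set_client_cert_engine() below */` would also record who owns the pointer.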
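Review bot: The engine reference taken by `ENGINE_by_id()` is released only inside the block added in the `@@ -772,6 +789,20 @@` hunk, so an earlier `goto end` exits with it still held. One such exit is the `goto end; }` visible as context at the top of this hunk; whether the `end:` cleanup frees it cannot be seen, because that label is outside the patch. Both `ENGINE_free` calls also leave `ssl_client_engine` pointing at an engine this function no longer owns. I would follow each with `ssl_client_engine = NULL;` and add `if (ssl_client_engine) ENGINE_free(ssl_client_engine);` to the cleanup at `end:`, which gives a single release path and guards against a later double free.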
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 1f72b1613e..a7e0f2e1ab 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -334,6 +334,9 @@ void ENGINE_load_nuron(void); void ENGINE_load_sureware(void); void ENGINE_load_ubsec(void); void ENGINE_load_padlock(void); +#ifndef OPENSSL_NO_CAPIENG +void ENGINE_load_capi(void); +#endif #ifndef OPENSSL_NO_GMP void ENGINE_load_gmp(void); #endif @@ -343,9 +346,6 @@ void ENGINE_load_gost(void); #endif void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); -#ifndef OPENSSL_NO_CAPIENG -void ENGINE_load_capi(void); -#endif /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ diff --git a/ssl/ssl.h b/ssl/ssl.h index a9de499e0b..da105e940c 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -895,7 +895,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type, void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); -- 2.34.1
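Review bot: The `SSL_CTX_set_client_cert_engine` prototype in the ssl/ssl.h hunk gains an `OPENSSL_NO_ENGINE` guard but still has no comment on reference ownership. That matters because the s_client change in this same patch calls `ENGINE_free()` on its engine immediately after a successful call, which is only safe if the context keeps a reference of its own. A comment above the declaration would settle it for other callers, e.g. `/* On success ctx holds its own reference to e; the caller still releases its own. */`. The wording needs confirming against the implementation, which is not part of this patch, as does whether the definition is compiled out under the same macro.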