from small one page howto to huge articles all in one place
 

search text in:





Poll
Which kernel version do you use?





poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

111205

userrating:

average rating: 1.7 (85 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

225086

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

105314

userrating:

average rating: 1.3 (28 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion
You are here: manpages





SSL_CTX_set_cert_cb

Section: OpenSSL (3)
Updated: 2017-05-25
Index Return to Main Contents
 

NAME

SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function  

SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
 void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);

 int (*cert_cb)(SSL *ssl, void *arg);

 

DESCRIPTION

SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, arg value is pointer which is passed to the application callback.

When cert_cb() is NULL, no callback function is used.

cert_cb() is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect the passed ssl structure and set or clear any appropriate certificates. If the callback is successful it MUST return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of cert_cb(). It is the job of the cert_cb() to store information about the state of the last call, if required to continue.  

NOTES

An application will typically call SSL_use_certificate() and SSL_use_PrivateKey() to set the end entity certificate and private key. It can add intermediate and optionally the root CA certificates using SSL_add1_chain_cert().

It might also call SSL_certs_clear() to delete any certificates associated with the SSL object.

The certificate callback functionality supercedes the (largely broken) functionality provided by the old client certificate callback interface. It is always called even is a certificate is already set so the callback can modify or delete the existing certificate.

A more advanced callback might examine the handshake parameters and set whatever chain is appropriate. For example a legacy client supporting only TLS v1.0 might receive a certificate chain signed using SHA1 whereas a TLS v1.2 client which advertises support for SHA256 could receive a chain using SHA256.

Normal server sanity checks are performed on any certificates set by the callback. So if an EC chain is set for a curve the client does not support it will not be used.  

SEE ALSO

ssl(3), SSL_use_certificate(3), SSL_add1_chain_cert(3), SSL_get_client_CA_list(3), SSL_clear(3), SSL_free(3)


 

Index

NAME
SYNOPSIS
DESCRIPTION
NOTES
SEE ALSO


Please read "Why adblockers are bad".



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2017 Sascha Nitsch Unternehmensberatung UG(haftungsbeschränkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 2.7 ms