SSL_CTX_set_cert_cb(3)              OpenSSL             SSL_CTX_set_cert_cb(3)


NNAAMMEE
       SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback
       function

SSYYNNOOPPSSIISS
        #include <openssl/ssl.h>

        void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
        void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);

        int (*cert_cb)(SSL *ssl, void *arg);

DDEESSCCRRIIPPTTIIOONN
       _S_S_L___C_T_X___s_e_t___c_e_r_t___c_b_(_) and _S_S_L___s_e_t___c_e_r_t___c_b_(_) sets the _cc_ee_rr_tt____cc_bb_((_)) call-
       back, aarrgg value is pointer which is passed to the application callback.

       When _cc_ee_rr_tt____cc_bb_((_)) is NULL, no callback function is used.

       _c_e_r_t___c_b_(_) is the application defined callback. It is called before a
       certificate will be used by a client or server. The callback can then
       inspect the passed ssssll structure and set or clear any appropriate cer-
       tificates. If the callback is successful it MMUUSSTT return 1 even if no
       certificates have been set. A zero is returned on error which will
       abort the handshake with a fatal internal error alert. A negative
       return value will suspend the handshake and the handshake function will
       return immediately.  _S_S_L___g_e_t___e_r_r_o_r(3) will return
       SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was sus-
       pended. The next call to the handshake function will again lead to the
       call of _c_e_r_t___c_b_(_). It is the job of the _c_e_r_t___c_b_(_) to store information
       about the state of the last call, if required to continue.

NNOOTTEESS
       An application will typically call _S_S_L___u_s_e___c_e_r_t_i_f_i_c_a_t_e_(_) and
       _S_S_L___u_s_e___P_r_i_v_a_t_e_K_e_y_(_) to set the end entity certificate and private key.
       It can add intermediate and optionally the root CA certificates using
       _S_S_L___a_d_d_1___c_h_a_i_n___c_e_r_t_(_).

       It might also call _S_S_L___c_e_r_t_s___c_l_e_a_r_(_) to delete any certificates associ-
       ated with the SSSSLL object.

       The certificate callback functionality supercedes the (largely broken)
       functionality provided by the old client certificate callback inter-
       face.  It is aallwwaayyss called even is a certificate is already set so the
       callback can modify or delete the existing certificate.

       A more advanced callback might examine the handshake parameters and set
       whatever chain is appropriate. For example a legacy client supporting
       only TLS v1.0 might receive a certificate chain signed using SHA1
       whereas a TLS v1.2 client which advertises support for SHA256 could
       receive a chain using SHA256.

       Normal server sanity checks are performed on any certificates set by
       the callback. So if an EC chain is set for a curve the client does not
       support it will nnoott be used.

SSEEEE AALLSSOO
       _s_s_l(3), _S_S_L___u_s_e___c_e_r_t_i_f_i_c_a_t_e(3), _S_S_L___a_d_d_1___c_h_a_i_n___c_e_r_t(3),
       _S_S_L___g_e_t___c_l_i_e_n_t___C_A___l_i_s_t(3), _S_S_L___c_l_e_a_r(3), _S_S_L___f_r_e_e(3)


1.0.2u                            2019-12-20            SSL_CTX_set_cert_cb(3)