Add server certificate selection callback
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e9febfd..bd0982c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1871,9 +1871,19 @@
}
/*
+ * Server certification selection (after processing TLS extensions)
+ */
+ if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
+ return( ret );
+ }
+
+ /*
* Search for a matching ciphersuite
* (At the end because we need information from the EC-based extensions
- * and certificate from the SNI callback triggered by the SNI extension.)
+ * and certificate from the SNI callback triggered by the SNI extension
+ * or certificate from server certificate selection callback.)
*/
got_common_suite = 0;
ciphersuites = ssl->conf->ciphersuite_list;
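Review bot: The failure branch at `return( ret );` passes the callback's return value back to the handshake caller unchanged, and nothing visible here sends a fatal alert to the peer first or restricts what the callback may return. If the other rejection paths in this function (outside the hunk) alert before returning, this one should match, e.g. `mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );` ahead of the return, so a refused ClientHello is not a silent drop. The block comment should also state the contract: the callback appears to run after the SNI callback and so can replace the certificate that callback chose, and any non-zero return aborts the handshake with that code. The heading has a typo; `* Server certificate selection (after processing TLS extensions)` reads correctly. The enclosing function starts and ends outside this hunk.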
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index adb18ab..9d41cb4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1233,6 +1233,14 @@
}
#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_cert_cb( mbedtls_ssl_config *conf,
+ int (*f_cert_cb)(mbedtls_ssl_context *) )
+{
+ conf->f_cert_cb = f_cert_cb;
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
void *p_cache,
mbedtls_ssl_cache_get_t *f_get_cache,
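Review bot: `mbedtls_ssl_conf_cert_cb` is added with no comment describing the callback contract, and its `#if defined(MBEDTLS_SSL_SRV_C)` guard sits directly in front of an identical guard. I would drop the added `#endif /* MBEDTLS_SSL_SRV_C */` and the second `#if` so both setters share one guard, and add above the function something like `/* f_cert_cb is called during ClientHello processing, after extensions are parsed; return 0 to continue, non-zero to abort. NULL disables it. */`. The comment should also say that everything the callback can key on at that point (SNI and other ClientHello fields) is client-supplied and unauthenticated, so it is suitable for choosing a certificate but not for identifying the peer. The public declaration is not in the visible part of the patch; if the contract is documented there, a one-line pointer here is enough.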