commit 2ed95279c026199e798418a1451bf1dabe425337
author Glenn Strauss <gstrauss@gluelogic.com> Fri Jan 21 18:02:17 2022 -0500
committer Glenn Strauss <gstrauss@gluelogic.com> Fri Feb 25 17:31:49 2022 -0500
tree 69d743f43f733ce0655e01bfd38ec9b037c834da
parent 4579a972bf60f8de78c074b88d871b95a8a7e48a

Add server certificate selection callback

https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e9febfd..bd0982c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1871,9 +1871,19 @@
     }
 
     /*
+     * Server certification selection (after processing TLS extensions)
+     */
+    if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
+        return( ret );
+    }
+
+    /*
      * Search for a matching ciphersuite
      * (At the end because we need information from the EC-based extensions
-     * and certificate from the SNI callback triggered by the SNI extension.)
+     * and certificate from the SNI callback triggered by the SNI extension
+     * or certificate from server certificate selection callback.)
      */
     got_common_suite = 0;
     ciphersuites = ssl->conf->ciphersuite_list;