From 86c550225bf6ed245212978d367bf4afba61f643 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Tue, 11 Sep 2012 10:15:00 +0000
Subject: [PATCH] Add canl_ssl_ctx_set_clb() into API, this sets canl default certificate verification callback into given ssl_ctx

---
 emi.canl.canl-c/src/canl_ssl.c | 18 +++++++++++++++++-
 emi.canl.canl-c/src/canl_ssl.h | 6 ++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index 6defd42..227bbbe 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -1116,12 +1116,28 @@ canl_ctx_set_ca_fn(canl_ctx cc, const char *fn)
 return EINVAL;
 if (!m_ctx)
- return set_error(glb_cc, EINVAL, POSIX_ERROR, "SSL context not"
+ return set_error(glb_cc, EINVAL, POSIX_ERROR, "Mech context not"
 " initialized");
 return ssl_set_dir(glb_cc, &m_ctx->ca_file, fn);
 }
+canl_err_code CANL_CALLCONV
+canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data)
+{
+ glb_ctx *glb_cc = (glb_ctx*) cc;
+ if (!cc)
+ return EINVAL;
+ if (!ssl_ctx)
+ return set_error(glb_cc, EINVAL, POSIX_ERROR, "SSL context not"
+ " initialized");
+
+ SSL_CTX_set_cert_verify_callback(ssl_ctx, proxy_app_verify_callback,
+ user_data);
+
+ return 0;
+}
+
 static canl_err_code
 ssl_get_peer(glb_ctx *cc, io_handler *io, void *auth_ctx, canl_principal *peer)
 {
diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h
index b057dcb..8c2ec7e 100644
--- a/emi.canl.canl-c/src/canl_ssl.h
+++ b/emi.canl.canl-c/src/canl_ssl.h
@@ -2,6 +2,7 @@
 #define _CANL_SSL_H
 #include
+#include
 #ifdef __cplusplus
 extern "C" {
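Review bot: Nothing in the new canl_ssl_ctx_set_clb() in canl_ssl.c sets or checks the verify mode of the caller-supplied ssl_ctx, even though SSL_CTX_set_cert_verify_callback() replaces OpenSSL's built-in chain verification for every connection created from that context. If the mode is left at SSL_VERIFY_NONE, a client handshake continues whatever the callback returns and a server never requests a peer certificate, so a caller can believe caNl verification is in force when it is not enforced. I would state the precondition directly above the function, e.g. `/* Replaces OpenSSL's default chain verification on ssl_ctx; the caller must still enable SSL_VERIFY_PEER with SSL_CTX_set_verify() for the result to be enforced. */`. What proxy_app_verify_callback does with user_data is not visible in this hunk; if it dereferences the pointer, the expected type and whether NULL is accepted should be documented as well.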
@@ -35,6 +36,11 @@ canl_ctx_set_pkcs11_lib(canl_ctx, const char *);
 canl_err_code CANL_CALLCONV
 canl_ctx_set_pkcs11_init_args(canl_ctx, const char *);
+/* Set canl cert verification callbacks into SSL_CTX.
+ Do not use SSL_CTX stored in canl_ctx */
+canl_err_code CANL_CALLCONV
+canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data);
+
 #ifdef __cplusplus
 }
 #endif
-- 
1.8.2.3
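Review bot: The comment added above the canl_ssl_ctx_set_clb() declaration is ambiguous: "Do not use SSL_CTX stored in canl_ctx" can mean either that the function ignores canl's internal context or that the caller must not pass that context in. For a public API that decides how peer certificates are verified, the contract should also say what user_data is (it is handed to the verification callback in the canl_ssl.c part of this patch) and what is returned (0 on success, EINVAL for a NULL cc or ssl_ctx). Once the intended meaning is confirmed, something like `/* Install canl's certificate verification callback on a caller-owned SSL_CTX (not the one canl_ctx manages internally); user_data is passed unchanged to the callback. Returns 0, or EINVAL if cc or ssl_ctx is NULL. */` would do.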