416
416
* Load the client public key certificate and private key from file and
417
417
* check whether the cert matches the key. We can use RSA certificates
418
* ("cert") and DSA certificates ("dcert"), both can be made available at
419
* the same time. The CA certificates for both are handled in the same
420
* setup already finished. Which one is used depends on the cipher
421
* negotiated (that is: the first cipher listed by the client which does
422
* match the server). A client with RSA only (e.g. Netscape) will use the
423
* RSA certificate only. A client with openssl-library will use RSA first
424
* if not especially changed in the cipher setup.
418
* ("cert") DSA certificates ("dcert") or ECDSA certificates ("eccert").
419
* All three can be made available at the same time. The CA certificates
420
* for all three are handled in the same setup already finished. Which
421
* one is used depends on the cipher negotiated (that is: the first
422
* cipher listed by the client which does match the server). The client
423
* certificate is presented after the server chooses the session cipher,
424
* so we will just present the right cert for the chosen cipher (if it
425
* uses certificates).
426
if ((*props->cert_file != 0 || *props->dcert_file != 0)
427
&& tls_set_my_certificate_key_info(client_ctx, props->cert_file,
428
props->key_file, props->dcert_file,
429
props->dkey_file) < 0) {
427
if (tls_set_my_certificate_key_info(client_ctx,
433
props->eckey_file) < 0) {
430
434
/* tls_set_my_certificate_key_info() already logs a warning. */
431
435
SSL_CTX_free(client_ctx); /* 200411 */