Add server certificate selection callback

https://github.com/ARMmbed/mbedtls/issues/5430 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-12-24 17:41:01 +03:00 · 2022-01-21 18:02:17 -05:00
parent 4579a972bf
commit 2ed95279c0
4 changed files with 48 additions and 1 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1870,10 +1870,20 @@ read_record_header:
        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
    }

+    /*
+     * Server certification selection (after processing TLS extensions)
+     */
+    if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
+        return( ret );
+    }
+
    /*
     * Search for a matching ciphersuite
     * (At the end because we need information from the EC-based extensions
-     * and certificate from the SNI callback triggered by the SNI extension.)
+     * and certificate from the SNI callback triggered by the SNI extension
+     * or certificate from server certificate selection callback.)
     */
    got_common_suite = 0;
    ciphersuites = ssl->conf->ciphersuite_list;