Type Definition bearssl::br_ssl_client_certificate_class

type br_ssl_client_certificate_class = br_ssl_client_certificate_class_;

Class type for a certificate handler (client side).

A certificate handler selects a client certificate chain to send to the server, upon explicit request from that server. It receives the list of trust anchor DNs from the server, along with the supported types of certificates and signatures, and returns the chain to use. It is also invoked to perform the corresponding private key operation (a signature, or an ECDH computation).

The SSL client engine will first push the trust anchor DNs with start_name_list(), start_name(), append_name(), end_name() and end_name_list(). Then it will call choose(), to select the actual chain (and signature/hash algorithms). Finally, it will call either do_sign() or do_keyx(), depending on the algorithm choices.
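
The callback order described above, modelled in plain Rust as an added example; it is not code from this crate or from BearSSL and does not use the FFI vtable. `Handler`, `Phase`, `demo` and the DN values are hypothetical, and the model assumes that a DN may arrive in several append_name() chunks and that a chain is selected by exact byte match on its issuer DN.

```rust
// Added model of the callback order: plain Rust, not the bearssl FFI vtable.
#[derive(Debug, PartialEq)]
enum Phase { Idle, InList, InName, ListDone, Chosen }
type Res<T> = Result<T, &'static str>;

struct Handler {
    phase: Phase,
    current: Vec<u8>,      // DN being assembled from append_name() chunks
    anchors: Vec<Vec<u8>>, // complete DNs received from the server
    issuer_dn: Vec<u8>,    // issuer DN of the one chain we hold (constructed)
}

impl Handler {
    fn new(issuer_dn: &[u8]) -> Self {
        Handler { phase: Phase::Idle, current: vec![], anchors: vec![],
                  issuer_dn: issuer_dn.to_vec() }
    }
    // Advance the state machine, rejecting callbacks that arrive out of order.
    fn step(&mut self, from: Phase, to: Phase) -> Res<()> {
        if self.phase != from { return Err("callback out of order"); }
        self.phase = to;
        Ok(())
    }
    fn start_name_list(&mut self) -> Res<()> { self.step(Phase::Idle, Phase::InList) }
    fn start_name(&mut self) -> Res<()> { self.step(Phase::InList, Phase::InName) }
    fn append_name(&mut self, chunk: &[u8]) -> Res<()> {
        self.step(Phase::InName, Phase::InName)?;
        self.current.extend_from_slice(chunk);
        Ok(())
    }
    fn end_name(&mut self) -> Res<()> {
        self.step(Phase::InName, Phase::InList)?;
        self.anchors.push(std::mem::take(&mut self.current));
        Ok(())
    }
    fn end_name_list(&mut self) -> Res<()> { self.step(Phase::InList, Phase::ListDone) }
    // Select our chain only if the server listed its issuer DN (false = send none).
    fn choose(&mut self) -> Res<bool> {
        self.step(Phase::ListDone, Phase::Chosen)?;
        Ok(self.anchors.iter().any(|dn| *dn == self.issuer_dn))
    }
}

// Constructed handshake: one DN delivered in two chunks, then choose().
fn demo(issuer: &[u8]) -> Res<bool> {
    let mut h = Handler::new(issuer);
    h.start_name_list()?; h.start_name()?;
    h.append_name(b"CN=Exam")?; h.append_name(b"ple CA")?;
    h.end_name()?; h.end_name_list()?;
    h.choose()
}
fn main() { println!("{:?}", demo(b"CN=Example CA")); }
```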