Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Salz, Rich
> Oh, just to restate it. I'm willing to submit the patch if we agree on what
> exactly it should do.

Might want to wait a bit. TLS 1.3 handshakes are a bit different.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Salz, Rich
What seems most sensible is to have a callback once the hello is parsed, allow the callback to change almost anything it wants. I would be very disappointed if we did something that was too specific to some special use cases.

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Benjamin Kaduk
I was mostly under the impression that Matt Caswell was planning to add a generic "early callback" that gets called just after extensions are read but before they are processed, and was waiting to see what that looked like and whether the same API could be reasonably backported to 1.1.0 (not

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Oh, just to restate it. I'm willing to submit the patch if we agree on what exactly it should do.

On Fri, Dec 9, 2016 at 11:29 PM, Fedor Indutny wrote:
> Hello Benjamin,
>
> On Fri, Dec 9, 2016 at 11:24 PM, Benjamin Kaduk wrote:
>
>> On 12/09/2016 01:43

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Hello Benjamin,

On Fri, Dec 9, 2016 at 11:24 PM, Benjamin Kaduk wrote:
> On 12/09/2016 01:43 PM, Fedor Indutny wrote:
> > Hello,
> >
> > During development of one feature for my TLS proxy bud, I have discovered
> > that the cert_cb is invoked only for newly generated

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Benjamin Kaduk
On 12/09/2016 01:43 PM, Fedor Indutny wrote:
> Hello,
>
> During development of one feature for my TLS proxy bud, I have
> discovered that the cert_cb is invoked only for newly generated
> tickets/sessions. The reasoning behind this is clear, but I believe
> that it most likely needs a

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
On Fri, Dec 9, 2016 at 11:13 PM, Viktor Dukhovni wrote:
> On Fri, Dec 09, 2016 at 09:47:19PM +0100, Fedor Indutny wrote:
>
> > > The callback is *correctly* only called when choosing the server
> > > certificate. In *that* case, it is always called. When sessions
>

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Viktor Dukhovni
On Fri, Dec 09, 2016 at 09:47:19PM +0100, Fedor Indutny wrote:
> > The callback is *correctly* only called when choosing the server
> > certificate. In *that* case, it is always called. When sessions
> > are resumed, there is no certificate to present, so no callback is
> > made.
>
> That's

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Hello Viktor! Replying inline.

On Fri, Dec 9, 2016 at 9:28 PM, Viktor Dukhovni wrote:
> On Fri, Dec 09, 2016 at 08:43:01PM +0100, Fedor Indutny wrote:
>
> > During development of one feature for my TLS proxy bud, I have discovered
> > that the cert_cb is invoked

Re: [openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Viktor Dukhovni
On Fri, Dec 09, 2016 at 08:43:01PM +0100, Fedor Indutny wrote:
> During development of one feature for my TLS proxy bud, I have discovered
> that the cert_cb is invoked only for newly generated tickets/sessions. The
> reasoning behind this is clear, but I believe that it most likely needs
> a

[openssl-dev] cert_cb and TLS tickets

2016-12-09 Thread Fedor Indutny
Hello,

During development of one feature for my TLS proxy bud, I have discovered that the cert_cb is invoked only for newly generated tickets/sessions. The reasoning behind this is clear, but I believe that it most likely needs a revision.

Here is my reasoning:

The major use case is choosing