Dan White wrote:
Unfortunately I'm not familiar enough with the sasl_setprop and
sasl_getprop calls to say what would be involved in allowing a calling
application to store certificate information.
Luke Howard done a patch adding support for channel bindings to libsasl.
I will be integrating it relatively shortly (once I do some testing,
hopefully within 2 weeks).
If you want to see the preview of this patch before it is integrated,
please email me off-list.
On 10/11/10 11:42 -0800, William Mills wrote:
That's what I figured. Is there enough passed into the SASL
initiation to
be able to have a callback hook into the app for it?
-----Original Message-----
From: Dan White [mailto:dwh...@olp.net]
Sent: Wednesday, November 10, 2010 9:41 AM
To: William Mills
Cc: cyrus-sasl@lists.andrew.cmu.edu
Subject: Re: API to fetch channel binding (SSL) information?
On 10/11/10 08:50 -0800, William Mills wrote:
>Is there an API to be able to fetch the SSL peer certificate? I'm
looking at doing channel binding. Alternatively has anyone looked at
the challenges to adding this as a supported option to sasl_getprop()?
>
>Thanks,
>
>-bill
The SASL library doesn't, itself, participate in the SSL/TLS
negotiation,
so it does not have access to any certificate information unless it it
passed to it by the calling application (in the form of an
authentication
identity/username).
This thread should have more information:
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-
sasl&msg=9550
--
Dan White
