On 10/10/2013 23:18, Trevor Perrin wrote:
>
> How would you expect the code to track the Cert -> ServerInfo
> relationship between these points?
>
Disclaimer: it's been a while since I looked at that code and someone else might have a better idea.

It didn't quite work in the way I recalled. It may be a bit messy to handle, to say the least.

AFAICS the certificate and key files both go through the function ssl_cmd_check_aidx_max and store the filenames with an associated index. At that point you could save the last index used and store any associated ServerInfo with the same index.

I *think* you then have to delve into ssl_pphrase_Handle() [note the comment on the way in] and somehow link the ServerInfo index with something you can use to recognise it later. The algorithm type 'at' might be usable or perhaps turn the algorithm type into one of the SSL_AIDX_<ALGORITHM> values?

After that you look for an appropriate ServerInfo value when SSL_use_certificate or SSL_use_PrivateKey is called (you'll be able to use the associated SSL_AIDX_<ALGORITHM> value) and set the ServerInfo.

There *should* be an easier way to do it than this but I can't immediately see what it is.

Steve.
--
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shen...@opensslfoundation.com