On 01.02.2014 14:37, Dr Stephen Henson wrote:
> I'm wondering how that could be avoided. Would a way to enumerate all
> certificates in an SSL_CTX structure in OpenSSL help? Something like
> SSL_CTX_get0_first_certificate() and SSL_CTX_get0_next_certificate(). That would
> also set the current certificate at the same time in case applications wanted to
> inspect the private key or chain.

Yes, this sounds like a useful extension - not only for the issue at hand (i.e. SSL_CONF and stapling initialisation), but as a general mechanism for retrieving all certificates of an SSL_CTX.

Kaspar
