Oops, just realized that I pasted the whole commit message into the subject. Anyway, CCing Rich Salz here.

Rich, you seem to be on a wave of triaging tickets, maybe you could take a look at this one eventually?

Thank you,
Fedor.

On Sat, Aug 23, 2014 at 10:08 PM, Fedor Indutny <[email protected]> wrote:

> This patch is introducing `async_key_ex_cb` member of both `SSL_CTX` and
> `SSL`, and `SSL_supply()`. If `async_key_ex_cb` is present:
>
> * Server will ignore dummy RSA key, assuming that it is matching the
>   certificate.
> * Server will invoke this callback with either:
>   * `SSL_KEY_EX_RSA`
>   * `SSL_KEY_EX_RSA_SIGN`
>   as a `type` argument, and some data for signature or decryption in
>   `p`/`n` pair.
>
> At that time the sign/decryption may be performed on any thread, or even
> remotely, and the result should be supplied with `SSL_supply()`. Calling
> `SSL_supply()` will continue the handshake process without even touching
> the real private key.
>
> NOTE:
>
> The test is missing right now, I'll add it once we figure out what the
> API should look like. Implementation appears to be working when used with
> node.js, see
> https://github.com/indutny/node/tree/feature/async-key-exchange and
> https://gist.github.com/indutny/948eaf9b5154eb395e8b for testing.
>
> ANOTHER NOTE:
>
> Pull Request on github: https://github.com/openssl/openssl/pull/162
>
