On Mon Dec 01 10:43:36 2014, [email protected] wrote:
>
> Some web browsers (Google Chrome for example) do support Authority
> Information Access for fetching intermediate certificates.
>
> openssl library (client side) unfortunately seems to be not able to do
> that.
>
> So this is feature request about adding support for AIA for fetching
> intermediate certificates and ideally do that automatically (without a
> need to rewrite every openssl user to be able to support this). Not sure if
> that fits "library" model though.
>
Doing this (and some similar operations like automatic OCSP or CRL download) is problematical for OpenSSL due to the way non-blocking I/O works. An application performing non-blocking I/O will typically get a retry request from OpenSSL and they'll then wait for data from the underlying transport (for example using select on the connected socket). If you want to download a certificate the application would have to wait on a *different* socket. There is currently no API to support this and as a result applications wouldn't expect this.

So while there is no technical reason why OpenSSL couldn't support this it would need significant changes to any OpenSSL application supporting non-blocking I/O for it to work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
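
A toy model of the situation the reply above describes, as an added example that is not part of the original message and is not OpenSSL code. `ToyTLS`, `extra_fds` and `handshake` are hypothetical names, and socket pairs stand in for the TLS peer and the AIA host; the bytes sent are constructed.

```python
import select
import socket

WANT_READ, DONE = "want_read", "done"

class ToyTLS:
    """Toy model of a TLS library that fetches a missing issuer itself.
    Hypothetical; none of these names are OpenSSL API."""

    def __init__(self, transport, fetch_sock):
        self.transport = transport    # socket the application handed over
        self.fetch_sock = fetch_sock  # second socket opened for the AIA download
        self.have_issuer = False

    def do_handshake(self):
        if not self.have_issuer:
            try:
                self.fetch_sock.recv(4096)  # issuer bytes (constructed)
            except BlockingIOError:
                return WANT_READ            # retry request to the caller
            self.have_issuer = True
        return DONE

    def extra_fds(self):
        """Models the kind of call the reply says has no API today."""
        return [] if self.have_issuer else [self.fetch_sock]

def handshake(aware_of_extra_fds, timeout=0.2):
    peer, transport = socket.socketpair()         # stands in for the TLS peer
    aia_server, fetch_sock = socket.socketpair()  # stands in for the AIA host
    socks = (peer, transport, aia_server, fetch_sock)
    try:
        transport.setblocking(False)
        fetch_sock.setblocking(False)
        tls = ToyTLS(transport, fetch_sock)
        while tls.do_handshake() == WANT_READ:
            # The download's response arrives while the application waits.
            aia_server.sendall(b"constructed issuer certificate")
            wait_on = [transport]
            if aware_of_extra_fds:
                wait_on += tls.extra_fds()
            readable, _, _ = select.select(wait_on, [], [], timeout)
            if not readable:
                return "stalled"  # the peer is silent because it waits for us
        return DONE
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    print("select on transport only:", handshake(False))
    print("select on transport + fetch socket:", handshake(True))
```

An application written against the existing retry convention behaves like `handshake(False)`: the data it needs is sitting on a socket it was never told to watch.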
