On Fri, Jan 23, 2015, Susan Hinrichs wrote:

> Hello All,
>
> I work with Apache Traffic Server. Many of our users use the SNI
> callback to select the certificate that the proxy will present to
> the client. This selection can take some time. Rather than
> blocking the callback thread, we would like to pause the negotiation
> from the SNI callback. After the certificate has been selected,
> SSL_accept can be called again to continue the processing.
>
> Looking at documentation and code, I did not see a way to do this,
> so I created a small patch on 1.0.1f. I'll say a few words about
> the patch below.
>
> But first, is there another way to achieve this in the existing
> 1.0.x API or the proposed 1.1 API?

OpenSSL 1.0.2 has a certificate callback which can be used for both client
and server certificates. It also supports non-blocking I/O so you can "pause"
in the manner you describe.

See: https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org