On 1/23/2015 5:16 PM, Dr. Stephen Henson wrote:
On Fri, Jan 23, 2015, Susan Hinrichs wrote:

Hello All,

I work with Apache Traffic Server.  Many of our users use the SNI
callback to select the certificate that the proxy will present to
the client.  This selection can take some time.  Rather than
blocking the callback thread, we would like to pause the negotiation
from the SNI callback.  After the certificate has been selected,
SSL_accept can be called again to continue the processing.

Looking at documentation and code, I did not see a way to do this,
so I created a small patch on 1.0.1f.  I'll say a few words about
the patch below.

But first, is there another way to achieve this in the existing
1.0.x API or the proposed 1.1 API?

OpenSSL 1.0.2 has a certificate callback which can be used for both client
and server certificates. It also supports non-blocking I/O so you can
"pause" in the manner you describe.

See:

https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html

Steve.

Splendid!  That looks like exactly what we need.  Thank you for the pointer.

Susan
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
