[ Sorry for being lazy and asking even though I haven't read all the documents.
  If the question is answered by some existing text/thread, please let me know. ]

Precursor question: A server for TCP connections wants to be able to
dynamically reject connection requests based on the client's connection
parameters, e.g. the client IP address. Dynamic meaning that the server
should get a notification/callback, be able to examine the parameters
and decide. Aka: no predefined policy object that cannot run server
code at the time of receiving the client connection request.

I do not even remember what the best current POSIX socket API is to do
this today. Traditionally, servers suck at this, because they use an
accept(), so the connection is established, and then they immediately
close the connection once they have retrieved the client's IP address
(getpeername or the like).

So, the actual question is pretty much the same except that I don't care
about the client IP address but, for TLS connections, about the ability for
the client side to examine the server certificate presented and the
server side to examine the client-side certificate presented, and in
both cases to have the hook for this notification/callback early enough
in the state machinery of the transport protocol that no unnecessary
steps are performed (e.g. exactly NOT the above-mentioned connect &
drop behavior).

Thanks!
    Toerless

_______________________________________________
Taps mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/taps
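Added example, not part of Toerless's message or of any TAPS document. For plain TCP the BSD socket API offers no per-connection hook before accept(): the kernel completes the three-way handshake and queues the connection, so address-based rejection without connect-and-drop has to happen in a packet filter. For TLS, libraries do expose the early hook the message asks for. Go's crypto/tls runs the tls.Config.VerifyPeerCertificate callback inside the handshake on both sides, so a rejection is answered with a handshake alert and the connection never reaches application data. The code below demonstrates both directions: the server admits only client certificates whose CN is on an allow list, and the client admits only a pinned server certificate. The function names (runHandshake, selfSigned), the CNs "alice", "mallory" and "server.example.test", the self-signed throwaway certificates and the loopback TCP transport are all constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate (constructed test
// material for this demo only; real deployments use CA-issued certificates).
func selfSigned(cn string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// HandshakeResult records what each side's policy hook decided.
type HandshakeResult struct {
	ServerErr error // nil if the server admitted the client certificate
	ClientErr error // nil if the client admitted the server certificate
}

// runHandshake performs one TLS handshake over loopback TCP. Both policy
// decisions happen inside the handshake via VerifyPeerCertificate, so a
// rejected peer is turned away with a TLS alert before any data can flow.
func runHandshake(serverCert, clientCert, pinnedServer tls.Certificate, allowedClients map[string]bool) HandshakeResult {
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		// Demand a client certificate but do no CA chain building: the
		// callback is the sole judge, so verifiedChains arrives as nil.
		ClientAuth:             tls.RequireAnyClientCert,
		SessionTicketsDisabled: true, // keep the exchange to the handshake itself
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return err
			}
			if !allowedClients[leaf.Subject.CommonName] {
				return fmt.Errorf("policy: client CN %q not allowed", leaf.Subject.CommonName)
			}
			return nil
		},
	}
	cliCfg := &tls.Config{
		Certificates:       []tls.Certificate{clientCert},
		InsecureSkipVerify: true, // no PKI validation; pin the exact leaf instead
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if !bytes.Equal(rawCerts[0], pinnedServer.Certificate[0]) {
				return errors.New("policy: server certificate does not match pin")
			}
			return nil
		},
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	srvDone := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			srvDone <- err
			return
		}
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		srvDone <- tls.Server(raw, srvCfg).Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		panic(err)
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	clientErr := tls.Client(raw, cliCfg).Handshake()
	return HandshakeResult{ServerErr: <-srvDone, ClientErr: clientErr}
}

func main() {
	server := selfSigned("server.example.test")
	allowed := map[string]bool{"alice": true}
	fmt.Println("allowed client, pinned server:", runHandshake(server, selfSigned("alice"), server, allowed))
	fmt.Println("unknown client CN:            ", runHandshake(server, selfSigned("mallory"), server, allowed))
	fmt.Println("server not matching pin:      ", runHandshake(server, selfSigned("alice"), selfSigned("server.example.test"), allowed))
}
```

In the second case the server's callback sees the client's Certificate message and refuses it; in the third the client's callback refuses the server's Certificate message before the handshake ever completes. Neither side has to accept the connection at the application layer and then drop it, which is the distinction the message draws against the accept-then-getpeername-then-close pattern for plain TCP. The same shape exists in OpenSSL as the verify callback passed to SSL_CTX_set_verify.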