httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject SSL_CTX_get_{first,next}_certificate (Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS)
Date Sun, 02 Feb 2014 13:45:42 GMT
On 01.02.2014 14:37, Dr Stephen Henson wrote:
> I'm wondering how that could be avoided. Would a way to enumerate all
> certificates in an SSL_CTX structure in OpenSSL help? Something like
> SSL_CTX_get0_first_certificate() and SSL_CTX_get0_next_certificate(). That would
> also set the current certificate at the same time in case applications wanted to
> inspect the private key or chain.

Yes, this sounds like a useful extension - not only for the issue at
hand (i.e. SSL_CONF and stapling initialisation), but as a general
mechanism for retrieving all certificates of an SSL_CTX.

Kaspar
