[openssl-dev] Callbacks for send_certificate/recv_certificate to enable TLS Cached Info
Anirudh Ramachandran
anirudhvr at gmail.com
Sat Feb 20 01:47:19 UTC 2016
Hello,
For implementing the TLS Cached Info extension [1] that sends certificate
hashes in place of the full certificate (if unchanged from a previous
handshake), we need a way to check and modify the certificate message being
sent (for server) and received (for client). The callbacks could be, for
example:
    void SSL_set_send_certificate_message_cb(SSL *ssl,
        void (*cb)(SSL *ssl, unsigned char *data,
                   unsigned char **new_data, int *len, void *arg));
    void SSL_set_recv_certificate_message_cb(SSL *ssl,
        void (*cb)(SSL *ssl, unsigned char *data,
                   unsigned char **new_data, int *len, void *arg));
And they would be called while sending and receiving the certificate.
Thoughts / comments?
[1] https://tools.ietf.org/html/draft-ietf-tls-cached-info-22