[openssl-dev] Callbacks for send_certificate/recv_certificate to enable TLS Cached Info

Anirudh Ramachandran anirudhvr at gmail.com
Sat Feb 20 01:47:19 UTC 2016


Hello,

For implementing the TLS Cached Info extension [1] that sends certificate
hashes in place of the full certificate (if unchanged from a previous
handshake), we need a way to check and modify the certificate message being
sent (for server) and received (for client). The callbacks could be, for
example:

void SSL_set_send_certificate_message_cb(SSL *ssl,
               void (*cb) (SSL *ssl, unsigned char *data,
                           unsigned char **new_data, int *len, void *arg));
void SSL_set_recv_certificate_message_cb(SSL *ssl,
               void (*cb) (SSL *ssl, unsigned char *data,
                           unsigned char **new_data, int *len, void *arg));

And they would be called while sending and receiving the certificate.
Thoughts / comments?

[1] https://tools.ietf.org/html/draft-ietf-tls-cached-info-22
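
A sketch of how callbacks with the proposed signature could carry out the hash-for-certificate substitution on each side; this is an added example, not code from the original message or from OpenSSL. Assumptions: `struct cached_info`, the helper names, the convention that `*new_data == data` means "unchanged" and `NULL` means "abort", and the 8-byte FNV-1a fingerprint standing in for the SHA-256 hash the draft specifies.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct ssl_st SSL;   /* opaque handle, as in OpenSSL's public headers */
#define FP_LEN 8             /* stand-in size; the draft's SHA-256 hash is 32 bytes */

/* Hypothetical state passed through `arg` (not an OpenSSL type). */
struct cached_info {
    int active;                /* server: client offered fp; client: server confirmed */
    unsigned char fp[FP_LEN];  /* fingerprint of the cached Certificate message */
    unsigned char *cert;       /* client only: cached message body */
    int cert_len;
};

/* Stand-in digest (FNV-1a, NOT collision resistant); real code would use SHA-256. */
static void fingerprint(const unsigned char *p, int n, unsigned char out[FP_LEN]) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (int i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    for (int i = 0; i < FP_LEN; i++) out[i] = (unsigned char)(h >> (8 * i));
}

/* Hand back a heap copy of src; on allocation failure signal abort (NULL, 0). */
static void replace(unsigned char **new_data, int *len, const unsigned char *src, int n) {
    *new_data = malloc((size_t)n);
    if (*new_data != NULL) { memcpy(*new_data, src, (size_t)n); *len = n; }
    else *len = 0;
}

/* Server side: send the fingerprint only when it matches what the client cached. */
void send_cert_cb(SSL *ssl, unsigned char *data, unsigned char **new_data, int *len, void *arg) {
    struct cached_info *ci = arg;
    unsigned char fp[FP_LEN];
    (void)ssl; *new_data = data;          /* default: message goes out unchanged */
    if (!ci->active) return;
    fingerprint(data, *len, fp);
    if (memcmp(fp, ci->fp, FP_LEN) == 0) replace(new_data, len, fp, FP_LEN);
}

/* Client side: accept only a fingerprint equal to the cached one, then restore. */
void recv_cert_cb(SSL *ssl, unsigned char *data, unsigned char **new_data, int *len, void *arg) {
    struct cached_info *ci = arg;
    (void)ssl; *new_data = data;          /* default: full certificate, parse as usual */
    if (!ci->active) return;
    if (*len == FP_LEN && memcmp(data, ci->fp, FP_LEN) == 0)
        replace(new_data, len, ci->cert, ci->cert_len);
    else { *new_data = NULL; *len = 0; }  /* mismatch: abort, never trust the cache */
}
```

The client-side mismatch branch is the security-relevant part: a fingerprint that does not equal the cached one has to fail the handshake rather than fall through to the cached certificate.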