[openssl-dev] SSL_get0_dane_authority() and session reuse

Claus Assmann ca+ssl-dev at esmtp.org
Sat Jan 23 11:42:38 UTC 2016


On Fri, Jan 22, 2016, Viktor Dukhovni wrote:

> > On Jan 22, 2016, at 7:35 PM, Claus Assmann wrote:

> > SSL_get0_dane_authority() returns -1 on a reused TLS session
> > in my test program.

> It is expected, but probably should be documented.

Thanks; is there any chance to change that behaviour?

Let me explain what I'm trying to do (sorry for not including that
in the original mail):

For SMTP STARTTLS I try to determine some properties of the TLS
connection so the MTA can decide whether the connection should be
aborted or continue.  Those properties are for example: cert issuer,
cert subject, cipher bits, verification status, e.g., X509_V_OK,
(all of which can be retrieved from SSL via some function calls),
and in the last case I would like to know if DANE was
(originally/successfully) used.

I could try to store that information somehow in the TLS session
context (SSL) myself, but it would make things much easier if OpenSSL
can provide that information.
