[openssl-users] Fwd: SSL_get_certificate()
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Nov 4 23:39:00 UTC 2017
> On Nov 4, 2017, at 7:11 PM, Jeremy Harris <jgh at wizmail.org> wrote:
>
> 1.0.2k fips.

I hope you're not enabling, or at least not voluntarily enabling
FIPS mode, but that's off-topic...

> Server, having loaded two certs (one rsa, one ecdsa) using
> SSL_CTX_use_certificate_chain_file().
>
> After SSL_accept(), call SSL_get_certificate() to see what
> cert was presented.

The negotiated certificate is only populated in the server SSL
handle when you've registered a TLS status callback. See
SSL_CTX_set_tlsext_status_cb(3)

> What should I be doing different?

For now, instantiate the callback. I think we should look into
changing the behaviour at some point to always make this available
at the completion of the handshake. And document
SSL_get_certificate(). Feel free to open an issue on GitHub...

--
Viktor.