TLS-1.3 Certificate Authorities implementation and testing

Viktor Dukhovni openssl-users at
Mon Sep 2 16:59:32 UTC 2019

On Mon, Sep 02, 2019 at 06:49:40PM +0200, Alexandre Schaff wrote:

> serverside :  'openssl s_server' using certfile which has 2 root-CA+cert
> (certA and certB)  and keyfile which has both secrets.

The s_server application loads just one certificate chain from its
certFile, and just one key from its keyfile.  This happens before
any interaction with the TLS client.  The test as described is not
useful to discern whether or not OpenSSL supports certificate
selection based on the client's certificate selection hints.

AFAIK, any certificate selection logic needs to go in a suitable
callback, since the SSL_CTX can only store one key per algorithm,
and so certificate selection requires callbacks to instantiate a
per-connection context (as with SNI).

So perhaps your answer is that the OpenSSL library does not presently
provide built-in facilities for client-hint-based certificate
selection, beyond what you get by negotiating a shared signature


More information about the openssl-users mailing list