Hi All,
With 1.0.2 openssl expanded their support of the certificate callback to
handle pausing processing during the SSL handshake negotiation. This
replaces the functionality I added to the SNI callback in my patch for
openssl 1.0.1.
With TS-3319, I'm updating the ATS callback logic to support the
certificate callback if you are compiling against openssl 1.0.2.
There is a new hook constant, TS_SSL_CERT_HOOK. If you had a SNI
callback that was pausing the handshake to make decisions about the
certificate, you can move it from the TS_SSL_SNI_HOOK to the
TS_SSL_CERT_HOOK.
I'm finishing tidying up TS-3319. It should be ready later today or
tomorrow.
Susan
- Certificate process in openssl 1.0.2 Susan Hinrichs
-
