---------- Forwarded message ---------
From: Susan Hinrichs <shinr...@apache.org>
Date: Wed, May 1, 2019 at 2:46 PM
Subject: [API proposal] TSVConnSslVerifyCTXGet
To: dev <dev@trafficserver.apache.org>

Finally going in to fix the TS_SSL_VERIFY_CLIENT_HOOK and TS_SSL_VERIFY_SERVER_HOOK and needed to add a call to get access to the X509_STORE_CTX object to the plugin as pointed out by CrendKing in https://github.com/apache/trafficserver/issues/4569.

I propose adding the following API. I will put up a PR shortly with an implementation, documentation and test.

TSSslVerifyCTX TSVConnSslVerifyCTXGet(TSVConn sslp);

Get the TSSslVerifyCTX object that corresponds to the peer's certificates being verified for the SSL connection corresponding to the sslp argument. This value is only meaningful during the peer certificate verification callbacks, specifically during callbacks invoked from the TS_SSL_VERIFY_SERVER_HOOK and TS_SSL_VERIFY_CLIENT_HOOK.

The SSL object that corresponds to the peer certificates being verified. This is an opaque type that can be cast to the appropriate implementation type (X509_STORE_CTX * for the OpenSSL library).