Details in PR https://github.com/apache/trafficserver/pull/5414
On Wed, May 1, 2019 at 4:36 PM SUSAN HINRICHS <shinr...@apache.org> wrote:
>
> ---------- Forwarded message ---------
> From: SUSAN HINRICHS <shinr...@ieee.org>
> Date: Wed, May 1, 2019 at 4:36 PM
> Subject: [API proposal] TSVConnSslVerifyCTXGet
> To: <dev@trafficserver.apache.org>
>
> Finally going in to fix the TS_SSL_VERIFY_CLIENT_HOOK and
> TS_SSL_VERIFY_SERVER_HOOK and needed to add a call to get access to the
> X509_STORE_CTX object to the plugin as pointed out by CrendKing in
> https://github.com/apache/trafficserver/issues/4569
>
> I propose adding the following API. I will put up a PR shortly with an
> implementation, documentation and test.
>
> TSSslVerifyCTX TSVConnSslVerifyCTXGet(TSVConn sslp);
>
> Get the TSSslVerifyCTX object that corresponds to the peer's certificates
> being verified for the SSL connection corresponding to the sslp argument;
>
> This value is only meaningful during the peer certificate verification
> callbacks, specifically during callbacks invoked from the
> TS_SSL_VERIFY_SERVER_HOOK and TS_SSL_VERIFY_CLIENT_HOOK.
>
> The SSL object that corresponds to the peer certificates being verified. This
> is an opaque type that can be cast to the appropriate implementation type
> (X509_STORE_CTX * for the OpenSSL library).