On Mon, Jul 11, 2016 at 9:16 AM, David Benjamin <david...@chromium.org<mailto:david...@chromium.org>> wrote:
> OpenSSL determines which certificate to use during ClientHello processing, > but it has a mode where, if intermediates were not explicitly configured and > only a leaf, it path-builds right before sending the Certificate message. But > I don't see any reason why it can't be changed to compute this earlier. Correct, OpenSSL's late computation of the chain, plus other design decisions (one-state-at-a-time, same buffer for everything, etc) is the reason I proposed the change. Since the draft requires cached-info to be the hash of the serialized chain rather than individual certs, it does require the serialization code to be run outside of the usual state machine codepath, which is also cumbersome. The MAY instead of MUST makes the server-side implementation almost plug-in - serialization happens as normal and the serialized message is replaced if it matches a cached-info. The client side implementation only slightly more complicated - check first for a length match and then a cached-info match (needed anyway); if either fail, the client treats the message as a normal certificate. Having another way to indicate this besides length would suffice too, but I'm fine with not changing the draft either if that's what everyone feels. -- Anirudh
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
