Posted to dev@trafficserver.apache.org by Susan Hinrichs <sh...@verizonmedia.com.INVALID> on 2019/05/01 20:06:46 UTC

Fwd: [API proposal] TSVConnSslVerifyCTXGet

---------- Forwarded message ---------
From: Susan Hinrichs <sh...@apache.org>
Date: Wed, May 1, 2019 at 2:46 PM
Subject: [API proposal] TSVConnSslVerifyCTXGet
To: dev <de...@trafficserver.apache.org>


Finally going in to fix the TS_SSL_VERIFY_CLIENT_HOOK and
TS_SSL_VERIFY_SERVER_HOOK and needed to add a call to get access to the
X509_STORE_CTX object to the plugin as pointed out by CrendKing in
https://github.com/apache/trafficserver/issues/4569

I propose adding the following API.  I will put up a PR shortly with an
implementation, documentation and test.

TSSslVerifyCTX TSVConnSslVerifyCTXGet(TSVConn sslp);

Get the TSSslVerifyCTX object that corresponds to the peer's certificates
being verified for the SSL connection corresponding to the sslp argument.


This value is only meaningful during the peer certificate verification
callbacks, specifically during callbacks invoked from the
TS_SSL_VERIFY_SERVER_HOOK and TS_SSL_VERIFY_CLIENT_HOOK.


The SSL object that corresponds to the peer certificates being verified.  This
is an opaque type that can be cast to the appropriate implementation type
(X509_STORE_CTX * for the OpenSSL library).