On Wed, Oct 9, 2013 at 6:52 AM, Dr Stephen Henson <shen...@opensslfoundation.com> wrote: > > Technically the "current certificate" concept doesn't need exposing at all. > You > just have to make sure you set all the relevant parameters *after* you set the > certificate they apply to and *before* you set another one.
Hi Stephen, Thanks a lot for your continued help. I'm trying to figure out how to do that: In ssl_engine_config.c, when a ServerInfoFile is encountered in the config file (whether directive or SSL_CONF), the code could look at sc->server->pks->cert_files to figure out the most recent "SSLCertificateFile", and its index. But by ssl_engine_init.c, the certs have been read, parsed, and translated into a table indexed by algorithm type, and accessed via ssl_asn1_table_get(...). How would you expect the code to track the Cert -> ServerInfo relationship between these points? Trevor