jfclere commented on PR #888: URL: https://github.com/apache/tomcat/pull/888#issuecomment-3252874388
> Ultimately, I still think Tomcat should be processing the client hello, find client supported groups, see what cert types are configured, and send to the appropriate SSLContext. This gives more control, but it's a lot more complex (we need group configuration, but here we clearly don't). While looking in openssl there is no easy way to select the cert/key, ssl_callback_ClientHello() allows to check everything but I don't think we can choose the cert/key there... The cert/key are in the sslcontext. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
