On Fri, Jan 22, 2016, Viktor Dukhovni wrote:
> > On Jan 22, 2016, at 7:35 PM, Claus Assmann wrote:
> > SSL_get0_dane_authority() returns -1 on a reused TLS session
> > in my test program.
> It is expected, but probably should be documented.

Thanks; is there any chance to change that behaviour?

Let me explain what I'm trying to do (sorry for not including that in the original mail):

For SMTP STARTTLS I try to determine some properties of the TLS connection so the MTA can decide whether the connection should be aborted or continue. Those properties are for example: cert issuer, cert subject, cipher bits, verification status, e.g., X509_V_OK, (all of which can be retrieved from SSL via some function calls), and in the last case I would like to know if DANE was (originally/successfully) used.

I could try to store that information somehow in the TLS session context (SSL) myself, but it would make things much easier if OpenSSL can provide that information.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
