Hi,

I'm trying to implement a non-blocking client and a non-blocking server that will query a certificate manager on each connection negotiation. My basic problem is: what happens if an existing call on the server needs to renegotiate following the expiration of the server's certificate?

If I'm correct (big assumption), the client will be easy to implement using a callback. By not initializing the certificate and setting the client_cert_cb (using SSL_CTX_set_client_cert_cb), the client will invoke the callback that will query my certificate manager each time an SSL connection is established. To ensure the client uses the callback even during renegotiations, I can add code (possibly to ssl3_connect) that will force s->cert to NULL and thereby invoke the callback at the appropriate point in the handshake.

However, the server seems like a tougher nut to crack. My initial callback that calls SSL_accept can query the certificate manager. However, I have not found a way (without a fair amount of modification) to force the renegotiation of a call to query the certificate manager. I've looked for an equivalent callback, but I did not see it. I thought about setting s->cert to NULL, but ssl_get_server_send_cert apparently does not even check to see if that is NULL, much less invoke a callback.

Has anyone crossed a similar bridge?

Thanks,
Rick