Hi VKG,

The problem statement confuses me, but we had a problem to infinite host on a single secure server between our client and server, and we chose N contexts that are loaded with the SSL certificate of the server requested (we know that from our helper program), generated at runtime, and clients accept it as our CA is embedded in the client. Thus a single server with N SSL contexts, with certs being generated on the fly, helped us. In your case, can we use multiple contexts for each of the domains to be hosted? Anyway, please elaborate the problem, as I feel I am thinking in the opposite direction.

Regards,
-Krishna
Flextronics, India

On 8/11/06, Vijay K. Gurbani <[EMAIL PROTECTED]> wrote:
I have a client that masquerades as different virtual clients and thus needs to present a different certificate to a server based on some internal policy. For instance, consider a client that hosts two virtual domains: foo.com and bar.com. When initiating requests from a user in the foo.com domain, the certificate that the client provides to the server would have keying material pertinent to the foo.com domain. Likewise for the bar.com domain.

To facilitate name-based virtual servers, TLS has extensions that allow a client to specify a server name when a TLS connection is formed to the server. The server can then present the right certificate to the client. I am doing the same thing, except that it is being done on the client, not the server. Has anyone done this before?

One way to do this is as follows: before the client forms a TLS connection to the server, it will invoke SSL_CTX_use_certificate_chain_file() to load the appropriate certificate in the SSL context. When done, it unloads the file. Does anyone see something blatantly wrong with this? Or a better way to accomplish what I want to do?

Thanks,

- vijay
--
Vijay K. Gurbani [EMAIL PROTECTED],research.bell-labs.com,acm.org}
Bell Laboratories, Lucent Technologies, Inc.
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
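The "one context per hosted domain" arrangement Krishna suggests, as an added example that is not code from either poster: Python's ssl module wraps OpenSSL, so an SSLContext here plays the role of an SSL_CTX and load_cert_chain() the role of SSL_CTX_use_certificate_chain_file(). Each domain's context is built once and reused for every connection sent on its behalf, instead of swapping the certificate in a shared context before each connection; the PEM file paths, the user@domain sender format and the helper names are assumptions.

```python
import ssl
import threading
from dataclasses import dataclass

@dataclass(frozen=True)
class ClientIdentity:
    domain: str
    cert_chain: str   # PEM client certificate chain (path is an assumption)
    private_key: str  # PEM private key matching the chain

def make_base_context(cafile=None):
    # Client-side hardening shared by every identity's context.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True           # verify the server name we connect to
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    return ctx

class IdentityContexts:
    # One SSLContext (an SSL_CTX) per hosted domain, built once and reused.
    def __init__(self, identities, cafile=None):
        self._identities = {i.domain.lower(): i for i in identities}
        self._cafile = cafile
        self._contexts = {}
        self._lock = threading.Lock()

    @staticmethod
    def domain_of(sender):
        """'alice@foo.com' -> 'foo.com'; malformed senders are rejected."""
        local, sep, domain = sender.rpartition("@")
        if not sep or not local or not domain:
            raise ValueError(f"cannot derive a domain from {sender!r}")
        return domain.lower()

    def context_for(self, sender):
        domain = self.domain_of(sender)
        identity = self._identities.get(domain)
        if identity is None:
            # Fail closed: never fall back to another domain's certificate.
            raise LookupError(f"no client identity configured for {domain}")
        with self._lock:
            ctx = self._contexts.get(domain)
            if ctx is None:
                ctx = make_base_context(self._cafile)
                # Same effect as SSL_CTX_use_certificate_chain_file() plus the key, once per domain.
                ctx.load_cert_chain(certfile=identity.cert_chain, keyfile=identity.private_key)
                self._contexts[domain] = ctx
            return ctx
```

Because a context is never mutated after it is built, concurrent connections for foo.com and bar.com cannot observe each other's certificate mid-swap, and a sender from a domain the client does not host gets an error rather than some other domain's identity.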