Hi Steve,

That is exactly what I needed. I've just tried it out with
OpenSSL-1.0.2-beta1 and it works perfectly.
Do you have any ETA on when 1.0.2 will be released?

Thank you!


On Wed, Jun 4, 2014 at 4:29 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Wed, Jun 04, 2014, DEXTER wrote:
>
> > >  Well, that's not how it works.  Normally when OpenSSL returns with
> > >> something like WANT_READ or WANT_WRITE, it is possible to later
> > >> determine whether the preconditions for moving forward are satisfied.
> > >>
> > >> In this case you're asking OpenSSL to just wait for nothing in
> > >> particular.  That feature does not exist.
> > >>
> > > That's the problem. I'm asking kindly the devs of openssl to make this
> > > feature exist.
> > >
> > >>
> > >>
> > Now that Openssl has two full time developers, is there an official way to
> > request such a feature?
> > (The request is about supporting a way for mitm proxies to be able to get
> > the servername from the client, suspend the handshake with it, and continue
> > later when you have the proper certificate.)
>
> I'm not sure if this will do precisely what you want but OpenSSL 1.0.2+
> supports certificate callbacks for both client and server certificates.
>
> In the server case the callback is called when the server certificate is
> required. It has a feature where the callback can return -1 and this then sets
> a special state SSL_ERROR_WANT_X509_LOOKUP and you can retry in the same way
> as other SSL_ERROR_WANT_* conditions.
>
> See:
>
>         http://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
