API to fetch channel binding (SSL) information?

William Mills wmills at yahoo-inc.com
Wed Nov 10 14:42:30 EST 2010


That's what I figured.  Is there enough passed into the SASL initiation to be able to have a callback hook into the app for it?  

> -----Original Message-----
> From: Dan White [mailto:dwhite at olp.net]
> Sent: Wednesday, November 10, 2010 9:41 AM
> To: William Mills
> Cc: cyrus-sasl at lists.andrew.cmu.edu
> Subject: Re: API to fetch channel binding (SSL) information?
> 
> On 10/11/10 08:50 -0800, William Mills wrote:
> >Is there an API to be able to fetch the SSL peer certificate?  I'm
> looking at doing channel binding.  Alternatively has anyone looked at
> the challenges to adding this as a supported option to sasl_getprop()?
> >
> >Thanks,
> >
> >-bill
> 
> The SASL library doesn't, itself, participate in the SSL/TLS
> negotiation,
> so it does not have access to any certificate information unless it it
> passed to it by the calling application (in the form of an
> authentication
> identity/username).
> 
> This thread should have more information:
> 
> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-
> sasl&msg=9550
> 
> --
> Dan White


More information about the Cyrus-sasl mailing list