API to fetch channel binding (SSL) information?

Dan White dwhite at olp.net
Wed Nov 10 14:55:21 EST 2010

Unfortunately I'm not familiar enough with the sasl_setprop and
sasl_getprop calls to say what would be involved in allowing a calling
application to store certificate information.

On 10/11/10 11:42 -0800, William Mills wrote:
>That's what I figured.  Is there enough passed into the SASL initiation to
>be able to have a callback hook into the app for it?
>> -----Original Message-----
>> From: Dan White [mailto:dwhite at olp.net]
>> Sent: Wednesday, November 10, 2010 9:41 AM
>> To: William Mills
>> Cc: cyrus-sasl at lists.andrew.cmu.edu
>> Subject: Re: API to fetch channel binding (SSL) information?
>> On 10/11/10 08:50 -0800, William Mills wrote:
>> >Is there an API to be able to fetch the SSL peer certificate?  I'm
>> looking at doing channel binding.  Alternatively has anyone looked at
>> the challenges to adding this as a supported option to sasl_getprop()?
>> >
>> >Thanks,
>> >
>> >-bill
>> The SASL library doesn't, itself, participate in the SSL/TLS
>> negotiation,
>> so it does not have access to any certificate information unless it it
>> passed to it by the calling application (in the form of an
>> authentication
>> identity/username).
>> This thread should have more information:
>> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-
>> sasl&msg=9550
>> --
>> Dan White

Dan White

More information about the Cyrus-sasl mailing list