API to fetch channel binding (SSL) information?

Dan White dwhite at olp.net
Wed Nov 10 14:55:21 EST 2010


Unfortunately I'm not familiar enough with the sasl_setprop and
sasl_getprop calls to say what would be involved in allowing a calling
application to store certificate information.

On 10/11/10 11:42 -0800, William Mills wrote:
>That's what I figured.  Is there enough passed into the SASL initiation to
>be able to have a callback hook into the app for it?
>
>> -----Original Message-----
>> From: Dan White [mailto:dwhite at olp.net]
>> Sent: Wednesday, November 10, 2010 9:41 AM
>> To: William Mills
>> Cc: cyrus-sasl at lists.andrew.cmu.edu
>> Subject: Re: API to fetch channel binding (SSL) information?
>>
>> On 10/11/10 08:50 -0800, William Mills wrote:
>> >Is there an API to be able to fetch the SSL peer certificate?  I'm
>> >looking at doing channel binding.  Alternatively has anyone looked at
>> >the challenges to adding this as a supported option to sasl_getprop()?
>> >
>> >Thanks,
>> >
>> >-bill
>>
>> The SASL library doesn't, itself, participate in the SSL/TLS negotiation,
>> so it does not have access to any certificate information unless it is
>> passed to it by the calling application (in the form of an authentication
>> identity/username).
>>
>> This thread should have more information:
>>
>> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=9550
>>
>> --
>> Dan White
>

-- 
Dan White
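
Added example (not part of the thread, and not Cyrus SASL code): a Python illustration of the split described above, where the application takes the channel-binding bytes from its own TLS layer and hands them to the SASL mechanism, which never touches TLS itself. It assumes the SCRAM "-PLUS" encoding from RFC 5802 with the binding types of RFC 5929; the function names and sample bytes are constructed for illustration.

```python
import base64
import hmac

CB_TYPES = {"tls-unique", "tls-server-end-point"}  # names from RFC 5929


def gs2_header(cb_type, authzid=""):
    """GS2 header telling the server which channel binding the client used."""
    if cb_type not in CB_TYPES:
        raise ValueError("unsupported channel binding type: %r" % cb_type)
    # RFC 5802 saslname escaping: "=" first, then ",".
    name = authzid.replace("=", "=3D").replace(",", "=2C")
    return "p=%s,%s," % (cb_type, "a=" + name if name else "")


def client_cbind_attr(cb_type, cb_data, authzid=""):
    """SCRAM "c=" attribute: base64(gs2-header || channel-binding bytes)."""
    raw = gs2_header(cb_type, authzid).encode() + cb_data
    return "c=" + base64.b64encode(raw).decode()


def server_check_cbind(attr, cb_type, local_cb_data, authzid=""):
    """True only if the client's binding matches the server's own TLS view."""
    expected = client_cbind_attr(cb_type, local_cb_data, authzid)
    return hmac.compare_digest(attr.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample bytes. In a real application they come from the TLS
    # layer, e.g. ssl.SSLSocket.get_channel_binding("tls-unique") in Python.
    client_tls = bytes.fromhex("a1b2c3d4e5f60718293a4b5c")
    other_tls = bytes.fromhex("00112233445566778899aabb")
    attr = client_cbind_attr("tls-unique", client_tls)
    print(attr)
    print("same TLS channel:", server_check_cbind(attr, "tls-unique", client_tls))
    print("different channel:", server_check_cbind(attr, "tls-unique", other_tls))
```

The second check fails because the server's TLS layer reports different bytes than the ones the client bound to, which is the situation channel binding exists to detect.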

