API to fetch channel binding (SSL) information?

Alexey Melnikov alexey.melnikov at isode.com
Wed Nov 10 21:26:26 EST 2010

Dan White wrote:
> Unfortunately I'm not familiar enough with the sasl_setprop and
> sasl_getprop calls to say what would be involved in allowing a calling
> application to store certificate information.
Luke Howard done a patch adding support for channel bindings to libsasl. 
I will be integrating it relatively shortly (once I do some testing, 
hopefully within 2 weeks).
If you want to see the preview of this patch before it is integrated, 
please email me off-list.
> On 10/11/10 11:42 -0800, William Mills wrote:
>> That's what I figured.  Is there enough passed into the SASL 
>> initiation to
>> be able to have a callback hook into the app for it?
>>> -----Original Message-----
>>> From: Dan White [mailto:dwhite at olp.net]
>>> Sent: Wednesday, November 10, 2010 9:41 AM
>>> To: William Mills
>>> Cc: cyrus-sasl at lists.andrew.cmu.edu
>>> Subject: Re: API to fetch channel binding (SSL) information?
>>> On 10/11/10 08:50 -0800, William Mills wrote:
>>> >Is there an API to be able to fetch the SSL peer certificate?  I'm
>>> looking at doing channel binding.  Alternatively has anyone looked at
>>> the challenges to adding this as a supported option to sasl_getprop()?
>>> >
>>> >Thanks,
>>> >
>>> >-bill
>>> The SASL library doesn't, itself, participate in the SSL/TLS
>>> negotiation,
>>> so it does not have access to any certificate information unless it it
>>> passed to it by the calling application (in the form of an
>>> authentication
>>> identity/username).
>>> This thread should have more information:
>>> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-
>>> sasl&msg=9550
>>> -- 
>>> Dan White

More information about the Cyrus-sasl mailing list