API to fetch channel binding (SSL) information?

Alexey Melnikov alexey.melnikov at isode.com
Wed Nov 10 21:26:26 EST 2010


Dan White wrote:
> Unfortunately I'm not familiar enough with the sasl_setprop and
> sasl_getprop calls to say what would be involved in allowing a calling
> application to store certificate information.
Luke Howard has done a patch adding support for channel bindings to libsasl.
I will be integrating it relatively shortly (once I do some testing, 
hopefully within 2 weeks).
If you want to see the preview of this patch before it is integrated, 
please email me off-list.
> On 10/11/10 11:42 -0800, William Mills wrote:
>> That's what I figured.  Is there enough passed into the SASL initiation to
>> be able to have a callback hook into the app for it?
>>
>>> -----Original Message-----
>>> From: Dan White [mailto:dwhite at olp.net]
>>> Sent: Wednesday, November 10, 2010 9:41 AM
>>> To: William Mills
>>> Cc: cyrus-sasl at lists.andrew.cmu.edu
>>> Subject: Re: API to fetch channel binding (SSL) information?
>>>
>>> On 10/11/10 08:50 -0800, William Mills wrote:
>>> >Is there an API to be able to fetch the SSL peer certificate?  I'm
>>> >looking at doing channel binding.  Alternatively has anyone looked at
>>> >the challenges to adding this as a supported option to sasl_getprop()?
>>> >
>>> >Thanks,
>>> >
>>> >-bill
>>>
>>> The SASL library doesn't, itself, participate in the SSL/TLS negotiation,
>>> so it does not have access to any certificate information unless it is
>>> passed to it by the calling application (in the form of an authentication
>>> identity/username).
>>>
>>> This thread should have more information:
>>>
>>> http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=9550
>>>
>>> -- 
>>> Dan White
>>
>


