1 (edited by christopher.mazza 2022-07-20 06:42:28)

Topic: Need to remove a certificate from a certificate chain

Here is what I do:
wolfSSL_CTX_use_certificate_chain_file (from a file containing several PEM certificates from leaf -> intermediates -> root)
wolfSSL_CTX_get_extra_chain_certs (to get a link to the certificate chain)
wolfSSL_X509_get_subject_name (to get the subject name of each certificate in chain)

When I find a certificate with a particular subject name, I need to delete it from the certificate chain in the ctx (and anywhere else it resides).

I cannot figure out how to do this cleanly.

The end goal is that a particularly named certificate needs to NOT be included in TLS Hello exchange.

Any help would be much appreciated.  I've tried everything I can think of.

Thank you


Re: Need to remove a certificate from a certificate chain

Hi Chris,

We do not support doing this at runtime.  Are you able to remove the undesired certificates from your chain before passing it to wolfSSL?

Thanks,
Kareem

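One way to do the pre-filtering suggested in the reply, as an added example (not code from the thread or from wolfSSL): split the PEM chain into blocks, drop the unwanted ones, and pass the result to wolfSSL with `wolfSSL_CTX_use_certificate_chain_buffer`. The names `pem_chain_filter`, `pem_drop_fn`, `drop_if_contains` and `SAMPLE_CHAIN` are hypothetical, and the predicate is a constructed stand-in for a real subject-name comparison.

```c
#include <stddef.h>
#include <string.h>
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Predicate: return nonzero to drop the NUL-terminated PEM block `pem`. */
typedef int (*pem_drop_fn)(const char *pem, void *arg);

/* Copy each certificate block of the NUL-terminated chain `in` to `out`,
 * skipping blocks the predicate rejects. Returns bytes written (without the
 * NUL), or (size_t)-1 on a truncated block or if `out` cannot stage a block
 * (dropped blocks need staging room too). */
size_t pem_chain_filter(const char *in, char *out, size_t cap,
                        pem_drop_fn drop, void *arg)
{
    size_t used = 0;
    const char *p = in;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *end = strstr(p, PEM_END);
        if (end == NULL)
            return (size_t)-1;          /* truncated block: fail closed */
        end += strlen(PEM_END);
        size_t len = (size_t)(end - p);
        if (used + len + 2 > cap)       /* block + '\n' + NUL */
            return (size_t)-1;
        memcpy(out + used, p, len);     /* stage the block in `out` */
        out[used + len] = '\n';
        out[used + len + 1] = '\0';
        if (!drop(out + used, arg))
            used += len + 1;            /* keep: commit the staged bytes */
        p = end;
    }
    if (cap > 0) out[used] = '\0';      /* cut off a staged-but-dropped block */
    return used;
}

/* Constructed stand-in: drops a block whose text contains `arg`. A real
 * predicate would decode the block (assumption: for example with
 * wolfSSL_X509_load_certificate_buffer) and compare the subject name. */
int drop_if_contains(const char *pem, void *arg)
{
    return strstr(pem, (const char *)arg) != NULL;
}

/* Constructed sample: three placeholder blocks, not real certificates. */
const char SAMPLE_CHAIN[] =
    PEM_BEGIN "\nTEVBRg==\n" PEM_END "\n"
    PEM_BEGIN "\nSU5URVI=\n" PEM_END "\n"
    PEM_BEGIN "\nUk9PVA==\n" PEM_END "\n";
```

Failing closed on a truncated block means a malformed file is rejected rather than partially loaded into the CTX.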