1 (edited by christopher.mazza 2022-07-20 06:42:28)

Topic: Need to remove a certificate from a certificate chain

Here is what I do:
wolfSSL_CTX_use_certificate_chain_file (from a file containing several PEM certificates from leaf -> intermediates -> root)
wolfSSL_CTX_get_extra_chain_certs (to get a link to the certificate chain)
wolfSSL_X509_get_subject_name (to get the subject name of each certificate in chain)

When I find a certificate with a particular subject name, I need to delete it from the certificate chain in the ctx (and anywhere else it resides).

I cannot figure out how to do this cleanly.

The end goal is that a particularly named certificate needs to NOT be included in the TLS Hello exchange.

Any help would be much appreciated.  I've tried everything I can think of.

Thank you


Re: Need to remove a certificate from a certificate chain

Hi Chris,

We do not support doing this at runtime.  Are you able to remove the undesired certificates from your chain before passing it to wolfSSL?
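
The reply's suggestion, filtering the chain before wolfSSL sees it, as an added example (not from the original thread and not wolfSSL code): a Python pre-processing step that drops the certificate with a given subject commonName from a PEM bundle, so the result can be handed to wolfSSL_CTX_use_certificate_chain_file. Assumptions: matching is on the CN attribute only; `filter_chain`, `subject_cn`, `fake_cert` and the sample names are hypothetical, and the sample certificates are constructed skeletons.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
CN_OID = bytes.fromhex("550403")  # OID 2.5.4.3, commonName

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_cn(der):
    """Subject commonName of a DER certificate, or '' if it has none."""
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional [0] version
    for _skip in range(4):              # serialNumber, signature, issuer, validity
        pos = _tlv(der, pos)[2]
    _, pos, end = _tlv(der, pos)        # subject Name: SEQUENCE OF RDN SETs
    while pos < end:
        _, attr, rdn_end = _tlv(der, pos)
        _, oid, _ = _tlv(der, attr)     # AttributeTypeAndValue SEQUENCE
        _, o, oe = _tlv(der, oid)       # attribute type OID
        if der[o:oe] == CN_OID:
            _, v, ve = _tlv(der, oe)
            return der[v:ve].decode("utf-8", "replace")
        pos = rdn_end
    return ""

def filter_chain(pem_text, unwanted_cn):
    """Return the PEM chain without certificates whose subject CN is unwanted_cn."""
    keep = [m.group(0) for m in PEM_RE.finditer(pem_text)
            if subject_cn(base64.b64decode(m.group(1))) != unwanted_cn]
    return "\n".join(keep) + "\n"

def _der(tag, *parts):  # sample helper: short-form lengths only (< 128 bytes)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body
def fake_cert(subject, issuer):  # constructed skeleton: real field order, no key/signature
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, _der(0x06, CN_OID), _der(0x0C, cn.encode()))))
    tbs = _der(0x30, _der(0x02, b"\x01"), _der(0x30), name(issuer), _der(0x30), name(subject))
    body = base64.encodebytes(_der(0x30, tbs)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----"

SAMPLE_CHAIN = "\n".join(fake_cert(s, i) for s, i in [  # constructed: leaf, intermediate, root
    ("leaf.example", "Example Intermediate CA"),
    ("Example Intermediate CA", "Example Root CA"), ("Example Root CA", "Example Root CA")])
```

Because the match is made on the subject field and not the issuer, `filter_chain(SAMPLE_CHAIN, "Example Root CA")` drops only the root and keeps the intermediate that the root issued.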