Topic: Missing functions added from openssl compatibility layer

1.
      salee88

      [Avatar]
      2006-10-20 23:40:22 UTC
      Hi Todd,
      I found a couple of funcitons in openssl is not supported yet in yassl:

      SSL_CTX_use_certificate_chain_file
      SSL_CTX_ctrl

      Are you planning to implement the above functions soon or there is easy alternative way to get around the functions (ie. write your own). Thanks in advance for your help.

      Sean
   2.
      touskaProject Admin

      [Avatar]
      2006-10-23 17:59:00 UTC
      Hi Sean,

      I'll implement SSL_CTX_use_certificate_chain_file(), though it isn't required for yaSSL since the verification chain is automatically searched. That is, if your certificate A is signed by B and you load A, it gets sent to the peer. The peer already has to have B in order to verify A so there's no reason to also load B and send it to the peer that I can think of. Other implementations that I've tested support this, though many do send the complete chain. That said, it shouldn't be hard to support.

      SSL_CTX_ctrl() is a little more difficult since there's a ton of options and vendor specific controls, not to mention that it isn't supposed to be called directly according to the man page. Is there some specific functionality that you're thinking of, maybe yaSSL already has it, maybe it can be set elsewhere?

      Thanks for the suggestions,
      Todd

Share