author | TJ Saunders <tj@castaglia.org> | 2016-03-23 11:55:53 -0700 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-05-02 16:55:14 -0400 |
commit | 5f18bc589865e6cc07e47ba7412a4cfd208abd04 (patch) | |
tree | d52eb6bdbac21e85ac27fb5b13369b5e4f45c52b /doc/ssl | |
parent | afce395cba521e395e6eecdaf9589105f61e4411 (diff) |
Issue #719:
If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.
Check for already-registered serverinfo callbacks during serverinfo
registration.
Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the
same serverinfo per certificate, for servers with multiple server certificates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CTX_use_serverinfo.pod | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod index 318e052e2b..caeb28de76 100644 --- a/doc/ssl/SSL_CTX_use_serverinfo.pod +++ b/doc/ssl/SSL_CTX_use_serverinfo.pod @@ -30,6 +30,14 @@ must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. Each PEM extension name must begin with the phrase "BEGIN SERVERINFO FOR ". +If more than one certificate (RSA/DSA) is installed using +SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a RSA certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after> +each time a certificate is loaded. + =head1 NOTES =head1 RETURN VALUES |
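Review bot: The new paragraph is placed directly above an empty "=head1 NOTES" section (the trailing context shows "=head1 NOTES" followed immediately by "=head1 RETURN VALUES"), so this usage caveat ends up at the tail of the preceding section while NOTES stays blank; moving the text under NOTES would put it where readers look for this kind of ordering requirement. The second added sentence ("If e.g. the last item was a RSA certificate, the loaded serverinfo extension data will be loaded for that certificate.") restates the first and could be dropped; if it stays, "a RSA" should read "an RSA". The parenthetical "(RSA/DSA)" reads as if only those two key types are affected; if the behaviour applies to any certificate type, say so or drop the parenthetical. Finally, the paragraph stresses calling SSL_CTX_use_serverinfo() B<after> each certificate is loaded but does not say what happens when it is called before any certificate is installed; one sentence on that case (error return or silent no-op) would complete the documentation.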