[exim-dev] [Bug 2092] Should support dual-key configuration …

Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2092] New: Should support dual-key configuration with lists of keys/certs
Subject: [exim-dev] [Bug 2092] Should support dual-key configuration with lists of keys/certs
https://bugs.exim.org/show_bug.cgi?id=2092

--- Comment #2 from Phil Pennock <pdp@???> ---
nginx src/event/ngx_event_openssl.c :

    /*
     * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't
     * allow to access certificate later from SSL_CTX, so we reimplement
     * it here
     */


Haven't investigated to know why they want to access the same cert later, am
vaguely assuming that it's to be able to extract attributes for setting as
context variables (e.g., for export to environ for CGI).

Postfix src/tls/tls_certkey.c : tls_set_my_certificate_key_info() takes one
each of RSA, DSA, ECDSA and if present calls set_cert_stuff() on each, which is
a fairly thin wrapper around calling SSL_CTX_use_certificate_chain_file() and
SSL_CTX_use_PrivateKey_file() together with a call to
SSL_CTX_check_private_key() to ensure that the key and cert match.

So I think that your analysis is correct.

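
The per-key-type loading that the comment describes for Postfix, applied to a list of cert/key pairs, as an added example that is not code from Exim, Postfix, nginx or the original post. It uses Python's `ssl.SSLContext.load_cert_chain()`, which wraps the same three OpenSSL calls; `make_selfsigned`, `load_cert_list`, the hostname and the use of the `openssl` CLI to build throwaway certificates are assumptions made for the demo.

```python
import shutil, ssl, subprocess, tempfile
from pathlib import Path

# Constructed key types for the demo; openssl(1) on PATH is an assumption.
KEY_ARGS = {
    "rsa": ["-newkey", "rsa:2048"],
    "ecdsa": ["-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:prime256v1"],
}

def make_selfsigned(kind, outdir):
    """Create a throwaway self-signed cert/key pair (constructed test input)."""
    cert, key = Path(outdir) / f"{kind}.crt", Path(outdir) / f"{kind}.key"
    subprocess.run(
        ["openssl", "req", "-x509", "-nodes", "-days", "1", "-subj",
         "/CN=mail.example.test", *KEY_ARGS[kind],
         "-keyout", str(key), "-out", str(cert)],
        check=True, capture_output=True)
    return str(cert), str(key)

def load_cert_list(pairs):
    """Load every (certfile, keyfile) pair into one server context.

    Returns (ctx, errors). ctx is None if any pair failed, so a
    misconfigured list never yields a half-populated context.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    errors = []
    for certfile, keyfile in pairs:
        try:
            # Chain file, private key, then key/cert match check, per pair.
            ctx.load_cert_chain(certfile, keyfile)
        except (ssl.SSLError, OSError) as exc:
            errors.append((certfile, keyfile, str(exc)))
    return (None if errors else ctx), errors

if __name__ == "__main__":
    if shutil.which("openssl") is None:
        raise SystemExit("openssl CLI not found; cannot build sample certs")
    with tempfile.TemporaryDirectory() as d:
        rsa, ec = make_selfsigned("rsa", d), make_selfsigned("ecdsa", d)
        ctx, errs = load_cert_list([rsa, ec])
        print("dual-cert context ready:", ctx is not None, errs)
        # RSA certificate paired with the ECDSA key: must be rejected.
        print(load_cert_list([(rsa[0], ec[1])])[1])
```

Checking each pair as it is loaded means a certificate listed with the wrong key is caught at startup rather than at the first handshake that selects it.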