Getting certificate handle in verification callback #56
Labels
enhancement
New feature or request
Comments
|
Rather than expose the underlying pointer, I’d rather expose the DER-encoded bytes. This is more in line with what we do with the public keys, and avoids users needing to work with unsafe pointers. Does that suit you? |
|
Yep! That works for me! |
|
rdar://58481718 (swift-nio-ssl: Expose certificate information to validation callbacks) |
|
See: #172. |
|
Resolved by #172, we should hopefully ship a release soon that contains this functionality. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi! This is a follow-up to #25 where @Lukasa said:
I agree that NIO-SSL shouldn't become a crypto lib, but right now we can't get any kind of useful information out of the certificate (other than SPKI). Would it be sensible to expose the underlying opaque pointer for users, so that they can call the necessary OpenSSL APIs and perform their own checks (and possibly warn the users about its unsafety)?
A typical use case would be verifying the signature of a self-signed client certificate, where I'm only concerned about whether the client is the actual owner of the presented public key and nothing else (other use cases include getting CNs, SANs or PEM data).
The text was updated successfully, but these errors were encountered: