Re: [asio-users] ssl server supporting multiple certificates and multiple private keys...
From: Juraj I. <jur...@gm...> - 2010-05-28 07:37:34
On 28.5.2010 6:16, leon zadorin wrote:
> Yes -- but I wasn't really asking about client certificates (I'm sorry
> if this was not 100% clear in my previous explanations), I was rather
> asking about a server having *multiple* *server* self-signed
> certificates (i.e. 2, each signed with a different private key) and
> clients connecting to server using any of the multiple "server"
> certificates (to validate the target server)... for the reasons
> outlined in the 1st post.

Sorry, after reading your initial post again - you were clear enough.

The OpenSSL mailing list would definitely be a better place to ask this question. I did however look around the OpenSSL API and failed to find anything to allow multiple server certificates. I'm pretty sure that only one server certificate/private key is allowed per SSL handshake.

In case it cannot be done - you can always try multiple SSL handshakes with the client using different certificates and private keys until one of them succeeds. Or you could try implementing some sort of pre-handshake on plain TCP where you could negotiate the CA certificate for the SSL. This is, of course, under the assumption that you are designing this protocol.