From: Thomas C. <cal...@gm...> - 2015-11-25 10:50:43
Hi,

Our project, Caml Crush, a PKCS#11 proxy in OCaml, uses the OCamlnet Netplex and RPC layers. We have been migrating from OCamlnet 3.x to OCamlnet 4.x over the last few months, and we have some questions regarding the newly released TLS bindings.

In our code compatible with the OCamlnet 3.x SSL bindings (through OCaml-ssl), we use the Ssl.get_certificate OCaml-ssl call in the 'get_peer_user_name' server hook to get and dump the peer client certificate (this allows us to check this certificate against a whitelist on the server side). We would like to have the same degree of control with the 4.x release of OCamlnet. After some digging in the OCamlnet 4.x TLS code, we have not found an API providing the Ssl.get_certificate service. Did we miss something? Is it possible to emulate such a feature?

Also, the current implementation does not allow having a separate trust chain (one for the server and one for the clients when peer_auth is enabled). This would be a welcome addition.

Thanks in advance for your help,

Thomas