Bug 1528 – Getting CA information during handshake

Bug 1528 - Getting CA information during handshake

Summary:

Getting CA information during handshake

Status:	NEW

Product:	GSI C
Component:	Authentication
Version:	unspecified
Platform:	All All

Importance:	P2 enhancement
Target Milestone:	---
Assigned To:	Joe Bester

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2004-02-06 07:53 by Robert Olson
Modified:	2008-08-11 15:17 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Robert Olson 2004-02-06 07:53:13

the question:


> Does anyone know if it's possible when using Globus to retrieve the CA list 
> that a server sends across during the SSL handshake? I'd like to be able to 
> use that to determine which of multiple identity certificates to use for 
> the connection.

Olle's reply:

The first server reply in a TLS handshake (used by GSI) does include the
DNs of all the CAs that the server trusts. I think what Bob is asking for
is if there are any mechanisms to get hold of that list.

The answer is no, there are currently no mechanisms in place to stop the
handshake process in mid-air and have the GSI libraries spit out that list
to an external "credential wallet" plugin. I agree that it would be a
useful feature though, and it ought not be too much work.

Bob: I suggest you submit this as feature request to the Globus bugzilla,
so that we don't loose track of this issue.