Bug 1528 - Getting CA information during handshake
Status: NEW
: unspecified
: All All
: P2 enhancement
: ---
Assigned To:
Reported: 2004-02-06 07:53 by
Modified: 2008-08-11 15:17 (History)




Description From 2004-02-06 07:53:13
the question:

> Does anyone know if it's possible when using Globus to retrieve the CA list 
> that a server sends across during the SSL handshake? I'd like to be able to 
> use that to determine which of multiple identity certificates to use for 
> the connection.

Olle's reply:

The first server reply in a TLS handshake (used by GSI) does include the
DNs of all the CAs that the server trusts. I think what Bob is asking for
is if there are any mechanisms to get hold of that list.

The answer is no, there are currently no mechanisms in place to stop the
handshake process in mid-air and have the GSI libraries spit out that list
to an external "credential wallet" plugin. I agree that it would be a
useful feature though, and it ought not be too much work.

Bob: I suggest you submit this as a feature request to the Globus bugzilla,
so that we don't lose track of this issue.
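
An added example, not part of the original report and not Globus/GSI code: in TLS 1.0 through 1.2 the CA DN list discussed above travels in the server's CertificateRequest handshake message, and this sketch parses that message body and uses the list to pick one of several identity certificates. All function names, the wallet structure and the sample bytes are constructed for illustration, and matching issuer DNs byte-for-byte is a simplifying assumption.

```python
import struct

def der_cn(cn):
    """Constructed sample data: DER Name with one short CN (lengths < 128)."""
    v = cn.encode()
    atv = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(v)]) + v  # OID 2.5.4.3, UTF8String
    atv = b"\x30" + bytes([len(atv)]) + atv                  # AttributeTypeAndValue
    rdn = b"\x31" + bytes([len(atv)]) + atv                  # RelativeDistinguishedName
    return b"\x30" + bytes([len(rdn)]) + rdn                 # Name

def parse_certificate_request(body, tls12=True):
    """Return the DER-encoded CA DNs carried in a CertificateRequest body."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        pos += n
        return body[pos - n:pos]
    def u16():
        return struct.unpack("!H", take(2))[0]
    take(take(1)[0])          # certificate_types<1..2^8-1>
    if tls12:
        take(u16())           # supported_signature_algorithms (TLS 1.2 only)
    ca_len = u16()            # certificate_authorities<0..2^16-1>
    if ca_len != len(body) - pos:
        raise ValueError("certificate_authorities length mismatch")
    dns = []
    while pos < len(body):
        dns.append(take(u16()))   # each entry: opaque DistinguishedName
    return dns

def choose_identity(identities, ca_dns):
    """identities: [(label, issuer_dn_der)]. Returns the label to present, or None."""
    if not ca_dns:            # empty list: server gave no hint, keep the default
        return identities[0][0] if identities else None
    for label, issuer in identities:
        if issuer in ca_dns:
            return label
    return None

def sample_request(cas, tls12=True):
    """Constructed CertificateRequest body: rsa_sign type, one sig/hash pair."""
    blob = b"".join(struct.pack("!H", len(d)) + d for d in cas)
    sigalgs = b"\x00\x02\x04\x01" if tls12 else b""
    return b"\x01\x01" + sigalgs + struct.pack("!H", len(blob)) + blob

CA_A, CA_B, CA_C = (der_cn("Example Grid CA " + x) for x in "ABC")
WALLET = [("identity-from-A", CA_A), ("identity-from-B", CA_B)]  # hypothetical wallet
```

A `None` result means no held identity chains to a CA the server listed, which is the case a credential wallet would want to surface to the user before the handshake fails.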