Bugzilla – Bug 1528
Getting CA information during handshake
Last modified: 2008-08-11 15:17:47
You need to
before you can comment on or make changes to this bug.
> Does anyone know if it's possible when using Globus to retrieve the CA list
> that a server sends across during the SSL handshake? I'd like to be able to
> use that to determine which of multiple identity certificates to use for
> the connection.
The first server reply in a TLS handshake (used by GSI) does include the
DNs of all the CAs that the server trusts. I think what Bob is asking for
is if there are any mechanisms to get hold of that list.
The answer is no, there are currently no mechanisms in place to stop the
handshake process in mid-air and have the GSI libraries spit out that list
to an external "credential wallet" plugin. I agree that it would be a
useful feature though, and it ought not be too much work.
Bob: I suggest you submit this as feature request to the Globus bugzilla,
so that we don't loose track of this issue.