Re: Fwd: SSL_get_certificate()

> On Nov 4, 2017, at 7:11 PM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote:
> 
> 1.0.2k fips.

I hope you're not enabling, or at least not voluntarily enabling
FIPS mode, but that's off-topic...

> Server, having loaded two certs (one rsa, one ecdsa) using
> SSL_CTX_use_certificate_chain_file().
> 
> After SSL_accept(), call SSL_get_certificate() to see what
> cert was presented.

The negotiated certificate is only populated in the server SSL
handle when you've registered a TLS status callback.  See

   SSL_CTX_set_tlsext_status_cb(3)

> What should I be doing different?

For now, instantiate the callback.  I think we should look into
changing the behaviour at some point to always make this available
at the completion of the handshake.  And document
SSL_get_certificate().  Feel free to open an issue on Github...

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


