On Mon, Sep 02, 2019 at 06:49:40PM +0200, Alexandre Schaff wrote:

> serverside : 'openssl s_server' using certfile which has 2 root-CA+cert
> (certA and certB) and keyfile which has both secrets.

The s_server application loads just one certificate chain from its certFile, and just one key from its keyfile. This happens before any interaction with the TLS client. The test as described is not useful to discern whether or not OpenSSL supports certificate selection based on the client's certificate selection hints.

AFAIK, any certificate selection logic needs to go in a suitable callback, since the SSL_CTX can only store one key per algorithm, and so certificate selection requires callbacks to instantiate a per-connection context (as with SNI).

So perhaps your answer is that the OpenSSL library does not presently provide built-in facilities for client-hint-based certificate selection, beyond what you get by negotiating a shared signature algorithm.

-- 
Viktor.
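The per-connection context swap Viktor describes, as an added example that is not from this thread or from OpenSSL itself: Python's ssl module wraps OpenSSL, one SSLContext is one SSL_CTX holding one chain and key, and SSLContext.sni_callback is the SNI servername callback in which the connection is moved onto whichever context matches the client's hint. The hostnames and PEM file paths are assumed for illustration.

```python
import ssl

# Constructed table: SNI name a client may send -> (chain PEM, key PEM).
# Paths are assumed; nothing is loaded until build_contexts() runs.
CERT_FILES = {
    "a.example.test": ("certA-chain.pem", "certA-key.pem"),
    "*.b.example.test": ("certB-chain.pem", "certB-key.pem"),
}
# Alert returned when no configured certificate answers for the SNI name.
REJECT_ALERT = ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME


def select_name(server_name, known_names):
    """Map the client's SNI hint to a configured name (exact match first,
    then a '*.x' wildcard covering exactly one extra label); None if none."""
    if not server_name:
        return None
    name = server_name.rstrip(".").lower()
    if name in known_names:
        return name
    labels = name.split(".")
    wildcard = "*." + ".".join(labels[1:])
    return wildcard if len(labels) > 1 and wildcard in known_names else None


def build_contexts(cert_files):
    """One SSLContext (an SSL_CTX) per certificate: each holds one chain+key."""
    contexts = {}
    for name, (chain_pem, key_pem) in cert_files.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(chain_pem, key_pem)
        contexts[name] = ctx
    return contexts


def make_sni_callback(contexts, fallback_ctx=None):
    """Build the function to assign to the listening context's sni_callback.
    Setting sock.context swaps the connection onto the chosen SSL_CTX
    (SSL_set_SSL_CTX underneath) before the Certificate message is built;
    returning None continues the handshake, an alert code aborts it."""
    def sni_callback(sock, server_name, _listening_ctx):
        chosen = select_name(server_name, contexts)
        if chosen is not None:
            sock.context = contexts[chosen]
            return None
        if fallback_ctx is not None:
            sock.context = fallback_ctx
            return None
        return REJECT_ALERT
    return sni_callback
```

To wire it up, build the per-certificate contexts and set `listening_ctx.sni_callback = make_sni_callback(build_contexts(CERT_FILES), listening_ctx)` on the context used to accept connections.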