holme-r
commented
3 years ago I'm sorry, but I am a little confused. You don't need to know the server's hostname when loading a client cert. A client cert is the certificate of the USP Agent.
Closed antonioboian closed 3 years ago
holme-r
commented
3 years ago I'm sorry, but I am a little confused. You don't need to know the server's hostname when loading a client cert. A client cert is the certificate of the USP Agent.
holme-r
commented
3 years ago OK. I understand now after re-reading the title. You are correct that OBUSPA does not support loading a different client certificate based on hostname of server it is connecting to.
antonioboian
commented
3 years ago All right, perfect thanks for the advice then. I'm sorry if I didn't provide a lot of context. However, do you think is this something that will be considered to be implemented in the future, maybe with a Data model parameter to set the correct pair of certificates ?
holme-r
commented
3 years ago I think you'd need to propose this feature to the BBF if you'd like the specification to support it. OBUSPA follows the specification.
antonioboian
commented
3 years ago Thanks again holme-r for your support
Good Afternoon everyone, I was working on the definition of the load_agent_cert_cb call back with the aim to load a different client certificate based on which is the Client is calling the DEVICE_SECURITY_LoadTrustStore function. However, at this stage for my understanding, it is not possible to retrieve the hostname without changing the source code of the agent, given the fact that only the SSL_CTX is passed.