Motivation
A user should be able to inspect a certificate chain after default verification and accept or reject that connection asynchronously. We do not yet have access to the complete verified certificate chain in SwiftNIO SSL, but we can already prepare the state machine in NIOSSLHandler to support an additional verification step.
Modification
add additionalVerification state to ConnectionState
add additionalCertificateChainVerification callback to NIOSSLContext
Result
NIOSSLHandler supports an asynchronous user-defined verification step after default verification that delays connection establishment until success. Everything is still internal as we will need to alter the type signature of NIOSSLContext.CertificateChainVerificationCallback once we have access to the verified certificate chain.
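The state transition described above, as an added stand-alone Swift model (not SwiftNIO SSL's code): apart from `ConnectionState` and `additionalVerification`, every name is hypothetical. It shows the property that matters for security: application data is held back while the user's check is pending and is discarded if the check rejects the peer.

```swift
// Simplified model, not SwiftNIO SSL code. Only `ConnectionState` and
// `additionalVerification` come from the description; other names are hypothetical.
enum ConnectionState { case handshaking, additionalVerification, active, closed }
enum VerificationResult { case accepted, rejected }

final class HandshakeModel {
    typealias Callback = (@escaping (VerificationResult) -> Void) -> Void
    private(set) var state = ConnectionState.handshaking
    private(set) var delivered: [String] = []
    private var pending: [String] = []
    private let callback: Callback?

    init(additionalVerification: Callback?) { self.callback = additionalVerification }

    /// Default chain verification passed; run the user's check if one is set.
    func defaultVerificationSucceeded() {
        guard state == .handshaking else { return }
        guard let callback = callback else { return becomeActive() }
        state = .additionalVerification
        callback { [weak self] result in self?.complete(result) }
    }

    /// Application data is held back until the connection is fully verified.
    func write(_ message: String) {
        switch state {
        case .handshaking, .additionalVerification: pending.append(message)
        case .active: delivered.append(message)
        case .closed: break  // nothing leaves a rejected connection
        }
    }

    private func complete(_ result: VerificationResult) {
        guard state == .additionalVerification else { return }  // ignore late or duplicate results
        switch result {
        case .accepted: becomeActive()
        case .rejected: pending.removeAll(); state = .closed
        }
    }

    private func becomeActive() { state = .active; delivered += pending; pending.removeAll() }
}

// Constructed scenario: the user's callback completes later with `verdict`.
func demo(_ verdict: VerificationResult) -> (ConnectionState, [String]) {
    var finish: ((VerificationResult) -> Void)?
    let conn = HandshakeModel { finish = $0 }
    conn.write("request"); conn.defaultVerificationSucceeded()
    precondition(conn.state == .additionalVerification && conn.delivered.isEmpty)
    finish?(verdict)
    return (conn.state, conn.delivered)
}
```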