I'm looking into adding ACME ALPN challenge support to an application that uses the SSL module and I think it's possible to do that by using a custom SSL Context object; however it seems that I'd need access to the SSL Session from find_cert_domain in order to determine if the connection was requesting challenge authentication. I'm also assuming that the module doesn't otherwise cache the certificates returned from this call.
Would it be unreasonable to either change the signature of find_cert_domain() to include this, or possibly add an optional method to that would get used if present (for backward compatibility reasons)?
Of course, if I get it working in a reasonable fashion, I'd be happy to contribute this hypothetical ACME Context.
Any thoughts?
Bill
pike-devel@lists.lysator.liu.se