
Multiple CA certs to one server

I have connections to an Azure server that has three CAs available. To be able to talk to the server with .peer_verify = 2; I need to replace the CA one by one and try to figure out which CA is the relevant one. Is there any way to connect multiple CAs to one cert pair? Also, if I write the priv/client key multiple times with different sec_tags, the TLS connection just looks at the first one, sees that it fails and does not continue to the second one.

    /* Two security tags: the first holds a CA that does not match the server,
       the second holds the CA that does. The client cert/key pair is stored
       under both tags. */
    sec_tag_list[0] = 4321; // With non-working CA
    sec_tag_list[1] = 1234; // With working CA

    my_tls_config.peer_verify = 2;              // require peer (server) verification
    my_tls_config.cipher_count = 0;
    my_tls_config.cipher_list = NULL;           // use the default cipher list
    my_tls_config.sec_tag_list = sec_tag_list;  // both tags handed to the TLS stack
    my_tls_config.sec_tag_count = 2;
    my_tls_config.hostname = (char *)hostname;  // SNI / hostname to verify against

When connecting, it only tries the first set of sec_tags. But this brings a lot of overhead, since the priv/client cert is written multiple times inside the handler.

How can we manage connections with multiple CAs when connecting to one host name?

Possible Workaround:

- Replace the CA for each test and test up to 3 times before making a successful connection. But this is not a good workaround.

Hoping for more info / suggestions.
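One way to find out which of the three CAs is the relevant one without re-provisioning a sec_tag and reconnecting each time: save the server's certificate chain once (for example with `openssl s_client -showcerts`) and check each candidate CA against it offline with `openssl verify`. This is an added example, not code from the original post or from Nordic/Zephyr; it assumes `openssl` is installed, and the PKI it builds (three CAs, a server cert issued by the second) is constructed here purely as a test fixture.

```shell
#!/bin/sh
# Added example, not from the original post. Checks which candidate CA
# validates a saved server chain so that only that CA needs to be provisioned
# into a sec_tag. Assumes openssl is on PATH.

# Usage: find_matching_ca CHAIN_FILE CANDIDATE_CA.pem [CANDIDATE_CA.pem ...]
# CHAIN_FILE holds the server leaf cert followed by any intermediates
# (e.g. captured earlier with `openssl s_client -showcerts`).
# Prints the path of the first CA that verifies the chain and returns 0;
# returns 1 if none of the candidates does.
find_matching_ca() {
    chain="$1"; shift
    for ca in "$@"; do
        # Only the candidate root is trusted; intermediates in the chain file
        # are supplied as untrusted material via -untrusted.
        if openssl verify -CAfile "$ca" -untrusted "$chain" "$chain" >/dev/null 2>&1; then
            echo "$ca"
            return 0
        fi
    done
    return 1
}

# Constructed test fixture (hypothetical names): three self-signed CAs and a
# server certificate issued by CA 2. Prints the temporary directory used.
make_constructed_pki() {
    dir=$(mktemp -d)
    for n in 1 2 3; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed CA $n" \
            -keyout "$dir/ca$n.key" -out "$dir/ca$n.pem" >/dev/null 2>&1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=device.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/srv.csr" \
        -CA "$dir/ca2.pem" -CAkey "$dir/ca2.key" -CAcreateserial \
        -out "$dir/srv.pem" >/dev/null 2>&1
    echo "$dir"
}
```

With a real chain, replace the constructed files with the saved `s_client` output and the three CA PEMs exported from the Azure portal; the CA that is printed is the only one that needs a sec_tag.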
