Hi, we need to change our client certificate we're sending to a third party based on the issue of the cert they send us. Is this possible on 11.6.2? I thought I could use the SERVERSSL_SERVERCERT events and if it all looks validates against a combined CA, take the SSL::issuer value into a switch statement and use SSL::profile to attache the right profile that references the right client cert to it.
1) There are warnings that this is slow, as you'll need to renegotiate / reload ca files
2) SERVERSSL_SERVERCERT might not even exist until v13?
3) SERVERSSL_SERVERHELLO definitely exists in v11.6, but only SSL::extensions is available, even though we shoudl have the cert by then?