| 96 | |
| 97 | |
| 98 | * `--tls-cert-profile` |
| 99 | * The OpenSSL 'custom security callbacks' are undocumented and not very well fit to implement an mbed TLS-like tls-cert-profile option. |
| 100 | * So, instead of trying to mimic the mbed TLS behaviour, just go for the much simpler approach and set OpenSSL seclevels. We'll accept slightly different behaviour between openssl and mbed TLS, at least for now. |
| 101 | * Steffan will send David his patches that attemp to reimplement tls-cert-profile for openssl, so he can give it a try too if he wants to. |
| 102 | * Steffan will send a v2 of the mbed patch that will print a warning for openssl build, instead of refusing to start, if --tls-cert-profile is used. |
| 103 | * Steffan will later send a patch to implement the seclevel approach for openssl. |