Multiple trust chains for server verification #34

@chucklever

We believe that it might be common that either a TLS-enabled client or server might reside in more than one trust domain. It should be possible for the upper layer consumer (e.g., NFS/RPC) to specify both a certificate and a specific trust bundle when initiating a TLS session.

Currently, an administrator can specify that tlshd use the system's default trust bundle, or one particular trust bundle for all in-kernel TLS consumers. This mechanism needs to be more flexible.

Labels: enhancement (New feature or request)

Status: Todo
