On Thu, Dec 03, 2015 at 05:00:12PM +0000, Nounou Dadoun wrote: > Calling > X509_STORE_CTX_set_error(ctx, X509_V_OK); > Is actually what I'm doing already but I was worried that it would then > ignore any other errors (e.g. bad signature etc.); No, because is error is reported separately, and you're not setting "ok = 1" for the other errors. > I'd actually thought > the errors might be ORed together but that doesn't look like the case. Each error is reported separately. > So does it invoke the callback for each error (which is sort of a convoluted way of ORing)? Yes, though I don't think of it as "ORing". > If I say ok to EXPIRED will it catch a bad signature? Yes. -- Viktor.
