Hello, After getting an error in the verify callback of my server saying that the presented client certificate is expired, I cannot clear the openssl error stack. The reason I want to do that is because I want to be able to override (under specific circumstances) the default OpenSSL behavior that rejects a connection from a client who presents an expired certificate. The way I have tried to do that is to return 1 from the verification callback when openssl passes 'ok' argument as 0 (i.e. failed verification). I would expect that returning 1 signifies success and hence the error stack is cleared, however I found out that calling SSL_get_verify_result() after the verification callback still returns an error. Why is that? Please note that I'm using openssl 0.9.8 Thanks a lot in advance, Antonis -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150129/9b3cdddd/attachment.html>
