On Tue, Jun 16, 2015 at 04:38:16PM +0200, Fabrice wrote:

> I explain:
>
> I would like a function like this:
>
> int X509_verify(const char *certPem, void *who, char *(*whatYouWant)(void
> *who, int type, const X509_NAME *subject, const X509_NAME *issuer))
>
> where:
>
> <certPem> : is a certificate in PEM format to verify
> <who> : is an instance of a class
> whatYouWant : is a method of <who> that can find <type> (certificate
> X509_LU_X509, CRL X509_LU_CRL)
> with the <subject> and eventually the <issuer>
>
> this function would callback <who> on <whatYouWant> until the root CA of
> <certPem> and do the appropriate verifications on intermediate
> certificates and CRLs, and return 0 success, other error.
>
> Is there any solution to do so with the current version of openssl API
> otherwise how can I do?

This is surely not really what you want, it is a means to an end,
and you have not explained your *real* goal.

What actual problem are you trying to solve? What would such a
feature enable you to do? Are you verifying TLS peers (client or
servers), signatures of CMS/SMIME messages, ... What additional
checks are you looking to do beyond the standard certificate chain
verification?

--
Viktor.