Hello, You can register a verify callback function using X509_STORE_set_verify_cb() and X509_verify_cert() will call this function, which can be used to by-pass targeted errors like X509_V_ERR_INVALID_PURPOSE etc. Check callb function from apps/x509.c Thanks, Thulasi. On 16 July 2018 at 20:48, Tong <tongwangchen@xxxxxxxxx> wrote: > Dear openssl-users: > > We have some old certificates that have ill-formed value for the > subjectAltName extension, causing the TLS handshake to fail. > > Are there any options that can be configured to by-pass the parsing of the > subjectAltName extension (or all the x509v3 extensions) during TLS > handshake, without disabling the certificate validation all together? > > Thanks for any suggestions. > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
