Re: SSL_CTX_set_cert_verify_callback and certificate access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/10/19 11:17 AM, Viktor Dukhovni wrote:

On Wed, Jan 09, 2019 at 08:54:30PM -0600, Corey Minyard wrote:



What I would like to do is pull out some information from the
certificate that is being verified, set/modify the verify store based
upon that information (basically chose the CA based upon something in
the certificate.  What I really need is X509_STORE_CTX_get_cert(), but
that function does not exist,

It does in OpenSSL 1.1.0 and later:

     See X509_STORE_CTX_get0_cert().

In OpenSSL 1.0.2 the structures are not opaque, so Postfix has forward
compatibility macros:

     https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls.h#L92-L110


That's useful, thanks.  The macros are just what I needed.

-corey

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux