On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
> With "wrong" certificate I meant "invalid certificate". So the idea
> was in a bigger environment with a lot of certificates, to make the
> invalid certificate debugging easier by getting more information from
> openssl to identify the invalid certificate easier.
Informal words like "wrong" or "invalid" still don't convey the actual
meaning you have in mind, but in any case, the OpenSSL library provides
callbacks that you can use to track the progress of and report errors
in the certificate verification process.
SSL_CTX_set_verify(3)
SSL_set_verify(3)
--
Viktor.
