I already found the callbacks for the verification process and I am still trying to figure it out if it is possible to change them in a way that they will print some certificate information to determine which certificate was used?
The information contained in this message is confidential and may be legally privileged. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, or reproduction is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.
_______________________________________________________________________________
Robert Ionescu
On Fri, Mar 12, 2021 at 3:39 PM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
> With "wrong" certificate I meant "invalid certificate". So the idea
> was in a bigger environment with a lot of certificates, to make the
> invalid certificate debugging easier by getting more information from
> openssl to identify the invalid certificate easier.
Informal words like "wrong" or "invalid" still don't convey the actual
meaning you have in mind, but in any case, the OpenSSL library provides
callbacks that you can use to track the progress of and report errors
in the certificate verification process.
SSL_CTX_set_verify(3)
SSL_set_verify(3)
--
Viktor.
