Hmm ok I get it.
So, to be able to get the fingerprint for the used certificates during a TLS handshake is possible by using the SSL_set_verify callbacks in the application or is the mentioned postfix useful for this purpose?
The information contained in this message is confidential and may be legally privileged. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, or reproduction is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.
_______________________________________________________________________________
Robert Ionescu
On Mon, Mar 15, 2021 at 12:46 PM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Mon, Mar 15, 2021 at 12:23:54PM +0100, Robert Ionescu wrote:
> I already found the callbacks for the verification process and I am
> still trying to figure it out if it is possible to change them in a
> way that they will print some certificate information to determine
> which certificate was used?
What do you mean "change them"? These are callbacks, you register the
callback function in the application, and then do whatever you want in
that function, including print certificate information, if that's your
goal. There's nothing to "change".
The verification Postfix uses for optional certificate verification
verbosity is at:
https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_verify.c#L139-L185
--
Viktor.
