I have a non-blocking DTLS server and use SSL_VERIFY_PEER. Now I'd like to use the verify_callback that I set with SSL_CTX_set_verify() to check via OCSP for revocation. This works fine in a simple blocking test program, where I can just wait for the OCSP reply and then return 0 or 1 from my verify_callback function dependent on this reply. But in a non-blocking program I can't wait for the OCSP reply, but I also can't return -1 from my verify_callback function to tell the handshake code to call the callback again. Am I right that I can only do a non-blocking OCSP check after the handshake has finished? Detlef
