|
Hi, I’d like to perform a preliminary (programmatical) check as to whether a given certificate (chain) can be used for TLS operations (given a configured SSL_CTX if required) or not. Is there any easy way to achieve this? Background: I get the Certs to use via an external library and it may happen that the user has configured something wrong and I end up getting something like an RSA certificate for a TLS 1.3-only Server (which doesn’t work obviously). Now if I just proceed with starting the handshake, I’ll get very unhelpful openssl errors, e.g. version_negotiation_failed – which have little to do with the actual problem at hand. Thus, I’d like to try and pre-check and at least warn/log something to help troubleshoot the issue. Thanks for the help Jochen |
