Bodo Moeller <[EMAIL PROTECTED]>:

[...]
> SSL_CTX_set_cert_verify_callback takes two arguments, the second of
> which is never used.  Obviously the idea was the second one would be
> passed to the callback -- this will likely be done so in OpenSSL
> 0.9.5.  All your callback has to do is call X509_verify_cert and
> return 1 if that function returned 0.  X509_verify_cert sets
> ctx.error, so that the application can see that something went wrong.

Of course this assumes that the application looks at
SSL_get_verify_result and does not believe SSL_get_peer_certificate
unless the former returned X509_V_OK.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
