On Thu, Jun 26, 2003 at 09:52:57AM +0100, steve thornton wrote: > I've been trying to use X509_set_verify() and an associated callback > function to allow me to override the standard verification if necessary. > According to the O'Reilly OpenSSL book, this function gets called on every > connection, and allows the callback to alter the ok value, thus allowing the > application to override. However, when I look at the source code, I notice > that this is not true, as the callback is made only if the verification > fails. Furthermore, if the application alters the return value to true (thus > overriding the failure) then everything crashes in flames (at least on my > embedded platform). While I am hunting for the bug, can anybody confirm any > of the above? Is anybody aware of this behaviour?
man SSL_CTX_set_verify -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
