On Tue, Mar 15, 2005 at 10:24:11AM -0500, Victor Duchovni wrote:
> Is there an officially condoned mechanism to avoid caching the peer
> certificate of unverified clients? I want to cache the session keys,
> but if the peer certificate is not verified, there is not much point in
> burning storage saving it in the session cache. Is it perhaps possible to
> drop the cert early in the verification callback (when the verification
> failure is detected)?
>
> I could void the warranty by:
>
>     #ifdef DONT_TRY_THIS_AT_HOME
>     X509_free(session->peer);
>     session->peer = 0;
>     #endif
>     buflen = i2d_SSL_SESSION(session, 0);
>     ...
>
> but I don't believe that I am supposed to bypass the accessor methods
> and mess with the SSL_SESSION structure directly...
>

Is this the right list for this query? Other traffic I see is rather
more elementary... The openssl-dev list does not appear to be the right
place either...

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]