I think that I found the answer - get the error code from the X509_STORE_CTX and check for the value X509_V_ERR_CERT_HAS_EXPIRED (defined in x509_vfy.h).
-David

--- david kine <[EMAIL PROTECTED]> wrote:

> My application requires a feature that allows
> connection to secure servers whose certificates may
> have expired.
>
> I suppose that the OpenSSL verify callback function,
> set with the function SSL_CTX_set_verify(), can
> inspect an error condition and return "true" to
> establish the secure connection.
>
> My question is what condition should the verify
> callback function check for, in order to allow a
> secure connection when the peer's certificate is
> expired.
>
> Thanks,
>
> -David
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]