Hey,

I am using SSL_get_verify_result() to check the verification result. In
addition to the normal checks, I want to do the following:

1) I want to accept certificates even if they have expired. However, I
can't simply ignore the errors X509_V_ERR_CERT_NOT_YET_VALID and
X509_V_ERR_CERT_HAS_EXPIRED because SSL_get_verify_result() only returns the
last error, so there could be other errors before this one that got hidden.
Is there any way to accomplish this?

2) I also want to verify the common name against the server name.
SSL_get_verify_result() doesn't seem to have an error code for this. I
think I can just get the server certificate and verify it myself, but I
wonder whether there is a better way to do it using OpenSSL primitives.

I would appreciate any assistance I can get on this. Thank you very much.

Best regards,
Andy