Hello, In 1.0.0beta it seems that the interface between the certificate verify callback and the store context has slightly changed.
The X509_STORE_CTX_get_current_cert may now return NULL which was not the case before the introduction of policy checking. Is it the responsibility of the callback not to assume a non-null pointer now, for example not to simply call X509_oneline to format the cert subject? At least the verify callbacks currently in use in apps check this (except for s_cb which is used by s_server, but which is not yet affected). The example in the openssl docs uses X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); but also: X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert) Thanks in advance for any information. Peter Sylvester ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
