Dave Thompson wrote:
3. Use SSL_set_verify() and provide a callback function.
This sounds promising but the callback function gets called for every certificate in the chain. How can I find out whether the certificate in question is the peer's cert and not some intermediate cert?

x509storectx->error_depth == 0 (1,2,... are the CAs) even though this callback isn't for error. Yeah, it looks silly but it works.
Look at the loop in x509/x509_vfy.c internal_verify() to see why.

That works fine. Thanks a lot.
-Daniel

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org