I have a very simple query: as a result of SSL/TLS negotiation I know I
could retrieve a pointer to the remote peer's X509 structure, possibly via
"SSL_get_peer_certificate".

What I would like to do is this: 1) get that remote certificate stored
in a file in a suitable format, so that I could further have a
look at/manipulate it via openssl (the command line program); and 2) if
possible, retrieve the whole certificate chain (remote peer + CA/issuer)
and store it also in a file for further examination/manipulation by openssl.

The reason I am doing this is also very simple: as a result of SSL/TLS
negotiation (remote socket connection) I have the option of verifying
the remote party. That verification depends on the local party having
the whole certificate chain (remote peer + CA/issuer) or, at the very
least, the CA/issuer certificate.

This, for various reasons which I won't bother you with, is not always
possible, so in order for me to make the connection I have to
temporarily disable the verification of the remote peer, retrieve the
remote peer certificate chain, save this in a file using a suitable file
format, examine it, and if I determine that this chain is to be trusted,
use it and enforce remote peer verification from now on, having obtained
the appropriate certificates.

Is this possible?
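The workflow described in the message above (connect without verification, save the chain as PEM, inspect it, then enforce verification), sketched with the openssl command line program rather than the C API. This is an added example, not code from the poster or the OpenSSL project; the function names, host, port and file names are placeholders.

```shell
#!/bin/sh
# Added example. HOST, PORT and the file names are placeholders, not values from the post.

# Print the handshake summary plus every certificate the server sent, in PEM.
# s_client continues past verification errors by default, so this works
# before any CA certificate for the peer is available locally.
fetch_chain() {    # usage: fetch_chain HOST PORT > raw.txt
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null
}

# Read s_client output on stdin and write PREFIX-0.pem (peer certificate),
# PREFIX-1.pem (its issuer, if sent) and so on. Prints the number written.
split_chain() {    # usage: split_chain PREFIX < raw.txt
    awk -v prefix="$1" '
        BEGIN                                 { n = 0 }
        /-----BEGIN CERTIFICATE-----/         { out = prefix "-" n ".pem"; inside = 1 }
        inside                                { print > out }
        inside && /-----END CERTIFICATE-----/ { close(out); inside = 0; n++ }
        END                                   { print n }
    '
}

# Fields to compare against a copy obtained over a trusted channel.
describe_cert() {  # usage: describe_cert FILE.pem
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# After the saved CA certificate has been checked, reconnect with verification
# enforced. CAFILE must hold the issuing CA; servers often omit the root, in
# which case it has to be obtained separately. Exit status 0 means verified.
verify_with() {    # usage: verify_with HOST PORT CAFILE
    openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" \
        -verify_return_error </dev/null >/dev/null 2>&1
}
```

The list printed by `-showcerts` is what the server chose to send, not a verified chain, so the fingerprints from `describe_cert` are what gets compared out of band before any of the saved files is used as a trust anchor.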