You're right about it being non-obvious but I got it working, thanks! ... N
---
Nou Dadoun
ndad...@teradici.com
604-628-1215

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: May 10, 2012 3:47 PM
To: openssl-users@openssl.org
Subject: Re: User parameter for SSL_set_verify

On Thu, May 10, 2012, Nou Dadoun wrote:

> I have an unusual problem - I'm writing a "connection server" kind of
> application and to make a long story short, I have a number of pending
> outgoing ssl connections and I need to look at the certificate which each
> presents to determine how to handle the connection.
>
> With that in mind I use the SSL_set_verify() to set a callback to examine
> the presented certificate i.e.
>
> void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int,
> X509_STORE_CTX *));
>
> Unfortunately there is no opportunity to provide a user argument to match up
> a presented certificate with its corresponding pending connection - the
> callback presents only the preverify result and the context store which I
> can use to retrieve the certificate.
>

Actually there is a non obvious one through the OpenSSL ex_data mechanism.

Certain structures can have user defined data attached to them. The SSL
structure is one such example and X509_STORE_CTX another.

In the case of the X509_STORE_CTX the appropriate SSL structure is
automatically passed via ex_data using the index returned by the function
SSL_get_ex_data_X509_STORE_CTX_idx().

So using that you can get hold of the SSL structure and any data you want to
place in there. There is an example in the SSL_CTX_set_verify() manual page.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org