Hello,
In my application, I ran into a problem when verifying a certificate which
is expired.
It worked perfectly in 0.9.8 and I get the X509_V_ERR_CERT_HAS_EXPIRED
error code, and my verify callback is able to print the issuer and
subject of the "current_cert".
The same code linked with 1.0.0a gives a completely different result:
The callback is called with 'ok' equal to 0, but "current_cert" is null
and the ctx->error is equal to 0 too.
The sequence of building the verify context and verifying the
certificate is the following:
    store = X509_STORE_new();
    X509_STORE_set_verify_cb_func(store, verify_callback);
    X509_STORE_load_locations(store, NULL, dir_cacerts);
    X509_STORE_add_crl(store, CRL); // (for each CRL of the CA stack)
    verify_ctx = X509_STORE_CTX_new();
    X509_STORE_CTX_init(verify_ctx, store, cert, NULL);
    X509_STORE_CTX_set_flags(verify_ctx, X509_V_FLAG_CRL_CHECK |
                                         X509_V_FLAG_CRL_CHECK_ALL);
    x509_err = X509_verify_cert(verify_ctx);
Except for X509_STORE_set_verify_cb_func, the returned value is checked
everywhere.
x509_err is equal to 0 but verify_ctx->error is 0 too...
Any idea?
Thanks in advance.
--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org