For those it can help:
In 0.9.8, the various fields in the 'ctx' structure passed to the
call-back function were documented with relevant values. I used to
access them directly.
With 1.0 this became false.
As a consequence, the use of the "access primitives" to these values,
like X509_STORE_CTX_get_error or X509_STORE_CTX_get_current_cert, is
mandatory.
Best regards,
Francis GASCHET
On 18/06/2012 19:51, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
Sent: Monday, 18 June, 2012 12:06
In my application, I ran into a problem when verifying a
certificate which is expired. It worked perfectly in 0.9.8
and I get the X509_V_ERR_CERT_HAS_EXPIRED error code, <snip>
The same code linked with 1.0.0a gives a completely different
result: the callback is called with 'ok' equal to 0, but
"current_cert" is null and the ctx->error is equal to 0 too.
X509_STORE_load_locations(store, NULL, dir_cacerts),
The cert-hash (and crl-hash) algorithm for CAcerts dir
in 1.0.0 differs from that used in 0.9.8. Either make
another dir and rehash, or use CAfile instead.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org