I need to figure out which client certificates are issued by valid CAs
(according to the server).

I set a callback with SSL_CTX_set_client_cert_cb.

In the callback I get the list of CAs from the server with

STACK_OF(X509_NAME) *pX509Names = SSL_get_client_CA_list(ssl);

Now I have a list of certificates from the Windows certificate store (I
can get them into an X509 structure).

How can I check which of these certs are from one of the server-approved
CAs?

I'm thinking I can call SSL_CTX_set_client_CA_list(sslCtx, pX509Names),
but I don't know where to go after that to verify them.

I'm a bit of a novice at this stuff, so any help would be appreciated.

Thanks.

--------

Thomas Fili
