On Sun, Feb 17, 2013 at 10:02 AM, Jeremy Harris <j...@wizmail.org> wrote: > On 02/16/2013 10:51 PM, Dr. Stephen Henson wrote: >> >> So you could supply an application defined callback that just calls >> X509_verify_cert too which keeps the current behaviour. If that call is >> successful you can then note the chain for future use using >> X509_STORE_CTX_get1_chain(). > > > That's fine except that we're using SSL_CTX_set_verify() callback already > and the docs say it and SSL_CTX_set_cert_verify_callback() should not > be mixed. Just my 2 cents, but I think that its language barrier confusion:
"Do not mix the verification callback described in this function with the verify_callback function called during the verification process. The latter is set using the SSL_CTX_set_verify(3) family of functions." I believe the warning is trying to tell you there are two callbacks, and you should ensure you really want SSL_CTX_set_cert_verify_callback rather than SSL_CTX_set_verify. I also don't read that they are mutually exclusive. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
