Hello list,
I'm using SSL_CTX_set_cert_verify_callback(empty_callback) to bypass all
certificate chain walking and validation. I extract and validate the RSA
key *after* handshake and verify only that.
However, I believe this callback can be called an arbitrary number of times
after the initial handshake, in the case of renegotiation. In that case, I want
to close the connection if the peer renegotiates the session using a
different key than the initial one.
So I need to not only get the current certificate from X509_STORE_CTX, but
also the original certificate *from before renegotiation*. Is there an API
call for that, or do I need to pass custom data pointers using ex_data?
Thank you in advance,
Dimitris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org