I'm writing my own callback function in C for SSL_CTX_set_verify() to perform
additional certificate checks (when the preverify_ok parameter is 1). However,
I want to perform the checks only for the leaf certificate (depth = 0).
There is the function X509_STORE_CTX_get_error_depth() that gets th
Hello,
openssl verify -CAfile root.pem -untrusted issuer.pem srvr.pem
gives this output
srvr.pem: OK
but
openssl verify -CAfile root.pem -crl_check -untrusted issuer.pem srvr.pem
gives this:
srvr.pem: C = US, OU = Domain Control Validated, CN = revoked.grc.com
error 3 at 0 depth lookup:unable to
