Unfortunately, the short answer is I can't avoid the problem. The application
is complicated, and can be thought of as many applications, all of which have
different needs. I don't think combining a certificate chain into one file
eliminates the need for all of the calls I'm making, just some of
On Wed, Nov 03, 2021 at 08:32:43PM +, Jason Schultz wrote:
> To summarize, at application start time I read in all of the
> certificates in /etc/ssl/certs/ to a trusted store created with
> X509_STORE_new().
>
> When getting ready to "start" a server (again, leaving a lot of
> specifics out t
Victor-
Since the only code that's changed from this working with OpenSSL 1.1.1 is the
code we've been talking about in this thread, it's possible that this is
causing the problem.
I should explain more what I am doing and how, and also mention that you helped
me with this when I was trying to
On Wed, Nov 03, 2021 at 12:38:51PM +, Jason Schultz wrote:
> In any case, things appear to be working now, but I'm hitting an issue
> later on when calling SSL_CTX_build_cert_chain(). I'm working on
> debugging that, I may have to start yet another thread later.
Your mistake is probably in load
Victor-
Thanks for the info. I think I'm going to use:
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
EVP_PKEY *pkey = X509_get_pubkey(cert);
(also suggested by Selva) The reason is, and to answer some of your questions,
all of this is taking place well before any handshakes, so the SSL obje