On Wed, Jul 25, 2007 at 07:26:27PM -0700, Andy Chan wrote:
> Thanks for the response. I can get #1 to work fine now. As for #2, does
> anyone have code sample for verifying the common name in the server cert
> against the expected name?
>
See Postfix 2.5-20070531-tls-nonprod for the meticulous
: Wednesday, July 25, 2007 12:40 AM
To: openssl-users@openssl.org
Subject: Re: SSL verify options
Andy Chan wrote:
>
> I am using SSL_get_verify_result() to check the verification
> result. In addition to the normal checks, I want to do the followings:
>
>
>
> 1)
Andy Chan wrote:
>
> I am using SSL_get_verify_result() to check the verification
> result. In addition to the normal checks, I want to do the followings:
>
>
>
> 1) I want to accept certificates even if it’s expired. However,
> I can’t simply ignore the errors *X509_V_ERR_CERT_NOT_YET_
