I don't specifically know the behavior of the code, so I have no means of
answering your question directly.
That said, it would certainly work if you stored a copy of the certificate
during your VerifyCallback(), and compared with the version you copied out
yourself. You might wish to balance thi

The same question in much more specific terms:
int VerifyCallback(X509_STORE_CTX *store_ctx, void *arg)
Is the certificate stored in store_ctx the *new* one that the peer sends
in case of *renegotiation*?
Is the certificate stored in the SSL struct (obtained via
SSL_get_peer_certificate()) t

Hello list,
I'm using SSL_CTX_set_cert_verify_callback(empty_callback) to bypass all
certificate chain walking and validation. I extract and validate the RSA
key *after* handshake and verify only that.
However I believe this callback can be called arbitrary times after
initial handshake, in