Re: post-connection assertions

2009-09-04 Thread Daniel Mentz
Dave Thompson wrote: 3. Use SSL_set_verify() and provide a callback function. This sounds promising but the callback function gets called for every certificate in the chain. How can I find out whether the certificate in question is the peer's cert and not some intermediate cert? x509storectx

RE: post-connection assertions

2009-09-03 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Daniel Mentz
> Sent: Wednesday, 02 September, 2009 08:27
> To: openssl-users@openssl.org
> Subject: post-connection assertions
>
> I'm wondering what's the best way to check the identity of
> the peer [in its cer

post-connection assertions

2009-09-02 Thread Daniel Mentz
I'm wondering what's the best way to check the identity of the peer i.e. compare the commonName or subjectAltName included in the x509 cert with the data I expect. The book "Network Security with OpenSSL" calls this "Post-connection assertions" (page 134). I