[openssl-users] SSL_CTX ignores many X509_STORE fields and uses own fields
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Aug 17 17:18:32 UTC 2018
On Fri, Aug 17, 2018 at 11:25:01PM +1000, Daurnimator wrote:
> > When looking into https://github.com/wahern/luaossl/issues/140 I was
> > surprised to learn that an SSL_CTX* (and SSL*) does not use many of
> > the X509_STORE members.
There are no plans to change the design. You can set the verification
store associated with the SSL_CTX via:
SSL_CTX_set0_verify_cert_store(3)
or
SSL_CTX_set1_verify_cert_store(3)
do this early, before using the SSL_CTX to create SSL handles with
SSL_new(). Configure the store properties as you see fit.
--
Viktor.
More information about the openssl-users
mailing list