Working inside X509_STORE_CTX using verification callbacks
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Sep 25 17:16:50 UTC 2019
On Wed, Sep 25, 2019 at 11:22:26AM +0000, Simon Edwards wrote:
> void X509_STORE_CTX_set0_current_issuer(X509_STORE_CTX *ctx, X509 *cert)
> {
> ctx->current_issuer = cert;
> }
Can you provide a motivating use-case for this accessor? In
verification callbacks this lets you peek not only at the current
certificate, but also its issuer, but setting this has no useful
side-effects.
I've not looked at the CRL check code closely enough to know whether
there's a use-case there, but at first glance it looks unlikely.
--
Viktor.
More information about the openssl-users
mailing list