Client certificate authentication

Robert Ionescu hightronicdesign at gmail.com
Mon Mar 15 11:23:54 UTC 2021


I already found the callbacks for the verification process and I am still
trying to figure it out if it is possible to change them in a way that they
will print some certificate information to determine which certificate was
used?
_______________________________________________________________________________
Robert Ionescu

*The information contained in this message is confidential and may be
legally privileged. The message is intended solely for the addressee(s). If
you are not the intended recipient, you are hereby notified that any use,
dissemination, or reproduction is strictly prohibited and may be unlawful.
If you are not the intended recipient, please contact the sender by return
e-mail and destroy all copies of the original message.*


On Fri, Mar 12, 2021 at 3:39 PM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
>
> > With "wrong" certificate I meant "invalid certificate".  So the idea
> > was in a bigger environment with a lot of certificates, to make the
> > invalid certificate debugging easier by getting more information from
> > openssl to identify the invalid certificate easier.
>
> Informal words like "wrong" or "invalid" still don't convey the actual
> meaning you have in mind, but in any case, the OpenSSL library provides
> callbacks that you can use to track the progress of and report errors
> in the certificate verification process.
>
>     SSL_CTX_set_verify(3)
>     SSL_set_verify(3)
>
> --
>     Viktor.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210315/7932fee5/attachment.html>


More information about the openssl-users mailing list