Client certificate authentication

Robert Ionescu hightronicdesign at gmail.com
Mon Mar 15 23:05:35 UTC 2021


Hmm ok I get it.
So, to be able to get the fingerprint for the used certificates during a
TLS handshake is possible by using the SSL_set_verify callbacks in the
application or is the mentioned postfix useful for this purpose?
_______________________________________________________________________________
Robert Ionescu

*The information contained in this message is confidential and may be
legally privileged. The message is intended solely for the addressee(s). If
you are not the intended recipient, you are hereby notified that any use,
dissemination, or reproduction is strictly prohibited and may be unlawful.
If you are not the intended recipient, please contact the sender by return
e-mail and destroy all copies of the original message.*


On Mon, Mar 15, 2021 at 12:46 PM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Mon, Mar 15, 2021 at 12:23:54PM +0100, Robert Ionescu wrote:
>
> > I already found the callbacks for the verification process and I am
> > still trying to figure it out if it is possible to change them in a
> > way that they will print some certificate information to determine
> > which certificate was used?
>
> What do you mean "change them"?  These are callbacks, you register the
> callback function in the application, and then do whatever you want in
> that function, including print certificate information, if that's your
> goal.  There's nothing to "change".
>
> The verification Postfix uses for optional certificate verification
> verbosity is at:
>
>
> https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_verify.c#L139-L185
>
> --
>     Viktor.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210316/3ea30b56/attachment.html>


More information about the openssl-users mailing list