API for Certificate checking without date checks
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Mar 5 18:42:50 UTC 2024
On Tue, Mar 05, 2024 at 09:43:36AM +0100, Alexandr Nedvedicky wrote:
> To do it in code just get idea from apps/verify.c
> in openssl. It looks like you need to do something like:
>
> X509_STORE_set1_param *store;
> X509_VERIFY_PARAM *vpm = NULL;
>
> vpm = X509_VERIFY_PARAM_new();
> X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
>
> store = X509_STORE_new();
> ...
> X509_STORE_set1_param(store, vpm);
>
>
> more details can be found in verify_main() at apps/verify.c.
>
Indeed this is simpler than a custom verify callback, which is not
needed for this specific (ignoring dates) exception. Thanks!
--
Viktor.
More information about the openssl-users
mailing list