[openssl-dev] [openssl.org #4602] Missing accessors
Richard Levitte
levitte at openssl.org
Mon Jul 25 17:25:40 UTC 2016
In message <rt-4.0.19-13376-1469461907-1144.4602-6-0 at openssl.org> on Mon, 25 Jul 2016 15:51:47 +0000, "msalle at nikhef.nl via RT" <rt at openssl.org> said:
rt> The point is that if OpenSSL is providing a verification callback which
rt> can be used to provide a custom verification of the cert chain, then it
rt> should provide the necessary handles and the thing still missing from
rt> what Richard proposed is a way to point to the failing certificate in
rt> the chain. We can set the error, but not at which depth in the chain the
rt> error occurred.
rt> This in itself is not limited to our use-case but is a general API
rt> request.
Looking around, I just discovered that someone else has had the same
thoughts as you, back in April. These functions were added back then:
void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/