[openssl-users] SSL_CTX_set_verify() callback and current depth

Paul Lucas plucas at splunk.com
Tue Oct 20 23:07:43 UTC 2015

I'm writing my own callback function in C for SSL_CTX_set_verify() to perform additional certificate checks (when the preverify_ok parameter is 1). However, I want to perform the checks only for the leaf certificate (depth = 0).

There is the function X509_STORE_CTX_get_error_depth() that gets the depth of the error; but I want the current depth even when there is no error so I can perform my additional checks only when depth=0. (Note that the function SSL_CTX_get_verify_depth() returns the depth limit and not the current depth.)

Is there any way to do what I want?

- Paul

More information about the openssl-users mailing list