[openssl-users] SSL_CTX ignores many X509_STORE fields and uses own fields
quae at daurnimator.com
Sat Aug 18 02:52:18 UTC 2018
On 18 August 2018 at 03:18, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> On Fri, Aug 17, 2018 at 11:25:01PM +1000, Daurnimator wrote:
>> > When looking into https://github.com/wahern/luaossl/issues/140 I was
>> > surprised to learn that an SSL_CTX* (and SSL*) does not use many of
>> > the X509_STORE members.
> There are no plans to change the design. You can set the verification
> store associated with the SSL_CTX via:
> do this early, before using the SSL_CTX to create SSL handles with
> SSL_new(). Configure the store properties as you see fit.
I understand the current design; but I'm left wondering why it has an
additional store member when VERIFY_PARAMS has the field there
The design would seem to be much cleaner if all criteria for
verification are taken from a single object.
More information about the openssl-users