[openssl-users] SSL_CTX ignores many X509_STORE fields and uses own fields

Viktor Dukhovni openssl-users at dukhovni.org
Sat Aug 18 03:56:43 UTC 2018

> On Aug 17, 2018, at 10:52 PM, Daurnimator <quae at daurnimator.com> wrote:
> I understand the current design; but I'm left wondering why it has an
> additional store member when VERIFY_PARAMS has the field there
> already.
> The design would seem to be much cleaner if all criteria for
> verification are taken from a single object.

They are taken from a single object, the X509 store associated with
the SSL_CTX, which is used to verify the peer per SSL_CTX_set_verify().


More information about the openssl-users mailing list