[openssl-users] SSL_CTX ignores many X509_STORE fields and uses own fields

Viktor Dukhovni openssl-users at dukhovni.org
Sat Aug 18 03:56:43 UTC 2018



> On Aug 17, 2018, at 10:52 PM, Daurnimator <quae at daurnimator.com> wrote:
> 
> I understand the current design; but I'm left wondering why it has an
> additional store member when VERIFY_PARAMS has the field there
> already.
> The design would seem to be much cleaner if all criteria for
> verification are taken from a single object.

They are taken from a single object, the X509 store associated with
the SSL_CTX, which is used to verify the peer per SSL_CTX_set_verify().

-- 
	Viktor.


