[openssl-users] SSL_CTX ignores many X509_STORE fields and uses own fields
quae at daurnimator.com
Thu Jul 12 08:49:28 UTC 2018
When looking into https://github.com/wahern/luaossl/issues/140 I was
surprised to learn that an SSL_CTX* (and SSL*) does not use many of
the X509_STORE members.
e.g. a store has a X509_VERIFY_PARAMS field, however although an
SSL_CTX* has a related store, it ignores the store's params and uses
For a connection pooling implementation, I need to check that an
existing SSL connection is something that could be approved by a given
I was hoping this would be as simple as doing (error handling omitted
However it appears that I really need to do:
// X509_STORE_CTX_set_verify_cb based on SSL_CTX_get_verify_callback(ctx)
// etc. etc.
Is this complexity warranted?
Is there any plan to remove the redundant fields?
More information about the openssl-users