[openssl-users] TLS handshake certificate validation options
Thulasi Goriparthi
thulasi.goriparthi at gmail.com
Tue Jul 17 21:05:54 UTC 2018
Hello,
You can register a verify callback function using
X509_STORE_set_verify_cb() and X509_verify_cert() will call this
function, which can be used to by-pass targeted errors like
X509_V_ERR_INVALID_PURPOSE etc.
Check callb function from apps/x509.c
Thanks,
Thulasi.
On 16 July 2018 at 20:48, Tong <tongwangchen at gmail.com> wrote:
> Dear openssl-users:
>
> We have some old certificates that have ill-formed value for the
> subjectAltName extension, causing the TLS handshake to fail.
>
> Are there any options that can be configured to by-pass the parsing of the
> subjectAltName extension (or all the x509v3 extensions) during TLS
> handshake, without disabling the certificate validation all together?
>
> Thanks for any suggestions.
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
More information about the openssl-users
mailing list