[openssl-users] TLS handshake certificate validation options

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Tue Jul 17 21:05:54 UTC 2018


You can register a verify callback function using
X509_STORE_set_verify_cb() and X509_verify_cert() will call this
function, which can be used to by-pass targeted errors like

Check callb function from apps/x509.c


On 16 July 2018 at 20:48, Tong <tongwangchen at gmail.com> wrote:
> Dear openssl-users:
> We have some old certificates that have ill-formed value for the
> subjectAltName extension, causing the TLS handshake to fail.
> Are there any options that can be configured to by-pass the parsing of the
> subjectAltName extension (or all the x509v3 extensions) during TLS
> handshake, without disabling the certificate validation all together?
> Thanks for any suggestions.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list