1.0.2 to 1.1 migration problem with verify_callback()

Remy Lebeau remy at lebeausoftware.org
Thu Aug 8 01:27:23 UTC 2019


In my verify callback (for 1.0.2, mind you), I use 
X509_STORE_CTX_get_app_data(ctx) to get the SSL* pointer. 
X509_STORE_CTX_get_app_data(ctx) is a macro in OpenSSL's "x509_vfy.h" 
header file that maps to X509_STORE_CTX_get_ex_data(ctx,0) (why doesn't 
it use SSL_get_ex_data_X509_STORE_CTX_idx() instead of 0?).


Remy Lebeau
Lebeau Software

On 8/5/2019 7:40 AM, Matt Caswell wrote:
> From within your callback you can do this to get hold of the SSL object:
>
> SSL *s = (SSL *)X509_STORE_CTX_get_ex_data(ctx,
> SSL_get_ex_data_X509_STORE_CTX_idx());
>
> And then this to get hold of the hostname requested:
>
> const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);