1.0.2 to 1.1 migration problem with verify_callback()

Remy Lebeau remy at lebeausoftware.org
Thu Aug 8 01:27:23 UTC 2019

In my verify callback (for 1.0.2, mind you), I use 
X509_STORE_CTX_get_app_data(ctx) to get the SSL* pointer. 
X509_STORE_CTX_get_app_data(ctx) is a macro in OpenSSL's "x509_vfy.h" 
header file that maps to X509_STORE_CTX_get_ex_data(ctx,0) (why doesn't 
it use SSL_get_ex_data_X509_STORE_CTX_idx() instead of 0?).

Remy Lebeau
Lebeau Software

On 8/5/2019 7:40 AM, Matt Caswell wrote:
>  From within your callback you can do this to get hold of the SSL object:
> SSL *s = (SSL *)X509_STORE_CTX_get_ex_data(ctx,
> SSL_get_ex_data_X509_STORE_CTX_idx());
> And then this to get hold of the hostname requested:
> const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190807/75b8740f/attachment.html>

More information about the openssl-users mailing list