[openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jan 10 17:17:27 UTC 2019

On Wed, Jan 09, 2019 at 08:54:30PM -0600, Corey Minyard wrote:

> What I would like to do is pull out some information from the 
> certificate that is being verified, set/modify the verify store based 
> upon that information (basically chose the CA based upon something in 
> the certificate.  What I really need is X509_STORE_CTX_get_cert(), but 
> that function does not exist,

It does in OpenSSL 1.1.0 and later:

    See X509_STORE_CTX_get0_cert().

In OpenSSL 1.0.2 the structures are not opaque, so Postfix has forward
compatibility macros:



More information about the openssl-users mailing list