[openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

Corey Minyard minyard at acm.org
Thu Jan 10 18:56:24 UTC 2019


On 1/10/19 11:17 AM, Viktor Dukhovni wrote:
> On Wed, Jan 09, 2019 at 08:54:30PM -0600, Corey Minyard wrote:
>
>
>> What I would like to do is pull out some information from the
>> certificate that is being verified, set/modify the verify store based
>> upon that information (basically chose the CA based upon something in
>> the certificate.  What I really need is X509_STORE_CTX_get_cert(), but
>> that function does not exist,
> It does in OpenSSL 1.1.0 and later:
>
>      See X509_STORE_CTX_get0_cert().
>
> In OpenSSL 1.0.2 the structures are not opaque, so Postfix has forward
> compatibility macros:
>
>      https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls.h#L92-L110
>
That's useful, thanks.  The macros are just what I needed.

-corey



More information about the openssl-users mailing list