Working inside X509_STORE_CTX using verification callbacks

Viktor Dukhovni openssl-users at
Wed Sep 25 17:16:50 UTC 2019

On Wed, Sep 25, 2019 at 11:22:26AM +0000, Simon Edwards wrote:

>   void X509_STORE_CTX_set0_current_issuer(X509_STORE_CTX *ctx, X509 *cert)
>   {
>        ctx->current_issuer = cert;
>   }

Can you provide a motivating use-case for this accessor?  In
verification callbacks this lets you peek not only at the current
certificate, but also its issuer, but setting this has no useful

I've not looked at the CRL check code closely enough to know whether
there's a use-case there, but at first glance it looks unlikely.


More information about the openssl-users mailing list