Pre-Check User Certificate for TLS

Kreissl, Jochen Jochen.Kreissl at vector.com
Wed Feb 22 14:18:24 UTC 2023


Hi,

I'd like to perform a preliminary (programmatic) check as to whether a given certificate (chain) can be used for TLS operations (given a configured SSL_CTX if required) or not.
Is there any easy way to achieve this?

Background:
I get the certs to use via an external library, and it may happen that the user has configured something wrong and I end up getting something like an RSA certificate for a TLS 1.3-only server (which doesn't work, obviously).
Now if I just proceed with starting the handshake, I'll get very unhelpful OpenSSL errors, e.g. version_negotiation_failed, which have little to do with the actual problem at hand.
Thus, I'd like to try and pre-check and at least warn/log something to help troubleshoot the issue.

Thanks for the help
Jochen