RE: Peer certificate verification in verify_callback

2020-04-02 Thread Michel
st() and the like as mentioned in X509_STORE_add_cert man page or something else ? Regards, Michel -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Viktor Dukhovni Sent: Monday, March 30, 2020 23:19 To: openssl-users@openssl.org Subject: Re: Peer certificate v

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jason Schultz
From: openssl-users on behalf of Viktor Dukhovni Sent: Monday, March 30, 2020 9:19 PM To: openssl-users@openssl.org Subject: Re: Peer certificate verification in verify_callback On Mon, Mar 30, 2020 at 09:02:47PM +, Jason Schultz wrote: > I won't get into the details of

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Viktor Dukhovni
On Mon, Mar 30, 2020 at 09:02:47PM +, Jason Schultz wrote: > I won't get into the details of my application as it's complex, but it > can act as a client or a server. The case we are worried about is > obviously when it's acting as a client. I thought the standard way of > dealing with these

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jason Schultz
users on behalf of Viktor Dukhovni Sent: Monday, March 30, 2020 6:17 PM To: openssl-users@openssl.org Subject: Re: Peer certificate verification in verify_callback On Thu, Mar 05, 2020 at 02:04:27PM +, Jason Schultz wrote: > I have some questions about my application’s verify_callback() fu

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Viktor Dukhovni
On Thu, Mar 05, 2020 at 02:04:27PM +, Jason Schultz wrote: > I have some questions about my application’s verify_callback() function and > how I handle some of the OpenSSL errors. You're going about this the wrong way. Instead of trying (likely insecurely) to patch up verification errors

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jeremy Harris
On 30/03/2020 17:01, Jason Schultz wrote: > For example, if my client application is presented a self-signed certificate > in the handshake, verify_callback() is called with an error, for which > X509_STORE_CTX_get_error() returns 18/X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT. > In this case, my

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jason Schultz
Subject: Peer certificate verification in verify_callback I have some questions about my application’s verify_callback() function and how I handle some of the OpenSSL errors. For example, if my client application is presented a self-signed certificate in the handshake, verify_callback

Peer certificate verification in verify_callback

2020-03-05 Thread Jason Schultz
I have some questions about my application’s verify_callback() function and how I handle some of the OpenSSL errors. For example, if my client application is presented a self-signed certificate in the handshake, verify_callback() is called with an error, for which X509_STORE_CTX_get_error()