On Mon, 29 Oct 2018, [email protected] wrote:
> Oh my. I thought I needed to return the OpenSSL error code because the
> current code base is doing so.
> https://github.com/curl/curl/blob/e97679a360dda4ea6188b09a145f73a2a84acedd/lib/vtls/openssl.c#L3325
> lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle);

Hm, you're right of course. But this isn't documented... An interesting
situation.

Gah, why did we do it like that! I can only see that only NSS and OpenSSL ever
support this.

Okay, what about this adjusted plan:

Create a new info flag ("CURLINFO_SSL_VERIFIED" ?) that works the way I
described it, that can return certificate verification details in an SSL
backend agnostic way and we document that clearly and as preferred over
CURLINFO_SSL_VERIFYRESULT.

What do you think? (It also needs a separate proxy version.)

--
/ daniel.haxx.se