You can write your own callback in replacement for the cb (default) one.
No your probably correct. If your using certs with the SSL part of the
library, check out the files in the ssl directory, there are things in there
like useCertificate ... which are handy.
Your probably correct about the X509_STORE_load_locations() function, but when
verifying
it should tell you that it can't find the Issuer cert.
BTW if you step through it (the ssleay verify function) and can figure out what its
doing
when its doing the hashing of the CA certificates. Let me know, it must the most
convoluted things I've ever seen.
Good Luck
Jason.
P.S
I'll be away for two weeks, so I may not be able to reply very quickly after today.
-----Original Message-----
From: Ron Ramsay [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, May 05, 1999 4:50 PM
To: '[EMAIL PROTECTED]'
Subject: X509_STORE_load_locations
X509_STORE_load_locations() ignores the return value from
X509_LOOKUP_load_file().
Giving the wrong name of the file containing the CA certificate will not
produce any errors until the code is required to verify a certificate.
Note that the sample callback (verify_callback()) for X509_verify_cert()
always converts NOT_OK to OK if the depth is less than (10). This
doesn't seem to be a good idea. Am I missing something?
I'm using OpenSSL 0.9.2b.
Ron.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
