Ron Ramsay wrote:

> Thanks for the extensive reply.
>
> A part of your answer is reproduced below.
>
> I don't think handling the depth internally (which is a good thing)
> completely removes the need for a callback.

I agree, sometimes you need to handle "special" situations when verifying
certificates. And it's in the callback where you can actually check why a
certificate failed, and hence act on the failure, or pass some useful
information back to your application.


> Another reason for requiring
> a callback is to obtain the certificate status. This could be achieved
> with a certificate status callback. With the code as it stands today,
> however, the best place to verify the status of the certificate would
> seem to be in the verify callback.
>
> Ron.
>
> ------
>
> > But anyway I think that it shouldn't be necessary to use a verify
> > callback function.  I've recently added functions to the SSL API that
> > allow defining a verification depth, because this is something that
> > the library should be able to do, and there _is_ support for it in the
> > X.509 library (but the X.509 library does not yet produce the right
> > error code when the length is exceeded).
> >
> >
> ______________________________________________________________________
> OpenSSL Project                               http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]