Hi, after first establishing a session, the verify_result can be obtained via SSL_get_verify_result(SSL *con), it may yield X509_V_OK or not! When reloading an old session, the certificate is not checked again; as verify_result is not stored in SSL_SESSION (at least I didnīt find it) and the default value is X509_V_OK, SSL_get_verify_result() will return ok even for a certificate, that was not ok! 1. Is this behaviour intended? 2. How can I easily call the X509 verifcation routines? It seems, that a lot of things have to be set up correctly (X509_STORE_CTX) to recheck a certificate. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]