Hi,
after first establishing a session, the verify_result can be obtained
via SSL_get_verify_result(SSL *con), it may yield X509_V_OK or not!
When reloading an old session, the certificate is not checked again;
as verify_result is not stored in SSL_SESSION (at least I didnīt find it)
and the default value is X509_V_OK, SSL_get_verify_result() will return
ok even for a certificate, that was not ok!
1. Is this behaviour intended?
2. How can I easily call the X509 verifcation routines? It seems, that a
lot of things have to be set up correctly (X509_STORE_CTX) to recheck
a certificate.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
