As far as I know, I managed to convince them to take a patch to fix this very thing for 0.9.7 (to use the app_verify_arg). I don't think it's devolved back out, but I should check... Last I knew it was in the 0.9.7 release track.
--d

Rich Salz wrote:
> We want to write our own cert verification routine, but we need to pass
> our own data down into the routine. No prob, the context has
> app_verify_arg. Hooray :) But it's unused. Boo :(
>
> We don't want to diverge from the source if we don't have to. Should we
> add a ex_callback function pointer that can be set, so it gets the
> context and the app_verify_arg? Should we just change the code so the
> app_verify_arg is always passed in? Are we the only ones asking for
> this? (I can't imagine; how do folks write their own verification?)
>
> Hmm. Let me step back a bit and ask the bigger question: we have a
> collection of certs, both CA certs and end-entity certs. We want to
> verify the SSL identity if it is either one of our trusted end-entities,
> or signed by one of our CA's. Is that easy to do using the current API?
> /r$
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
