I posted this question to -users, but didn't get a reply. Originally I was using the SSL_get_peer_cert_chain() func, which I thought was giving me the cert chain built up to verify the peer cert, from the certs that I added to the SSL_CTX->cert_store, but then I discovered that it really is the cert chain given by the client during the TLS handshake, and that the ssl_verify_cert_chain func throws away the chain built up in X509_verify_cert.
Am I correct that if I need to traverse the cert chain that was used to validate the peer cert, post handshake, I need to do the same steps as ssl_verify_cert_chain() in my code, so as to get a cert chain I can utilize for my post validation? Or am I misreading the code?

OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org