I'd like to add the ability for my (client) application to use the Windows certificate store to verify a server's certificate during an SSL handshake. I've created a callback and set it using SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, mycallback ). Inside that callback, I can retrieve information about the server's certificate and can also enumerate through the certificates in the certificate store.
But then what? Is there a way to tell OpenSSL "Please verify the server's certificate using this trusted certificate"? In the case when the client supplies the trusted certificate in advance, I can pass it to X509_STORE_add_cert before the handshake but can I do that *during* the handshake? Can I simply get the PEM / DER information for both certificates and memcpy them?

Thanks for any advice,
Graeme Perrow