Perrow, Graeme wrote:
I'd like to add the ability for my (client) application to use the
Windows certificate store to verify a server's certificate during an
SSL handshake. I've created a callback and set it using
SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER, mycallback ). Inside that
callback, I can retrieve information about the server's certificate
and can also enumerate through the certificates in the certificate store.
But then what? Is there a way to tell OpenSSL "Please verify the
server's certificate using this trusted certificate"? In the case when
the client supplies the trusted certificate in advance, I can pass it
to X509_STORE_add_cert before the handshake but can I do that *during*
the handshake? Can I simply get the PEM / DER information for both
certificates and memcpy them?

Wasn't support for this added via the crypto engine 'capieng'? Rebuild
OpenSSL using

    ./config enable-capieng

and use the CAPI engine.
HTH,
JJK
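
An added example, not part of the thread and not OpenSSL's own code: the step the question already describes for a caller-supplied certificate (X509_STORE_add_cert before the handshake), applied to every certificate in the Windows "ROOT" system store, so that the default SSL_VERIFY_PEER check can build a chain without a custom callback. It also shows why a memcpy of the encoded bytes is not enough: the store hands back DER, which has to be parsed into an X509 object with d2i_X509. The function name add_windows_roots is hypothetical, and the non-Windows branch exists only so the file compiles where the Windows API is absent.

```c
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
/* Link with crypt32.lib, libssl and libcrypto. */

/* Copy the Windows "ROOT" system store into ctx's trust store.
 * Call after SSL_CTX_new() and before the handshake.
 * Returns the number of certificates added, or -1 on error. */
int add_windows_roots(SSL_CTX *ctx)
{
    if (ctx == NULL)
        return -1;
    X509_STORE *store = SSL_CTX_get_cert_store(ctx);
    HCERTSTORE sys = CertOpenSystemStoreA(0, "ROOT");
    if (store == NULL || sys == NULL) {
        if (sys != NULL)
            CertCloseStore(sys, 0);
        return -1;
    }
    int added = 0;
    PCCERT_CONTEXT cc = NULL;
    /* Passing the previous context back in frees it; NULL ends the walk. */
    while ((cc = CertEnumCertificatesInStore(sys, cc)) != NULL) {
        /* pbCertEncoded is DER; d2i_X509 parses it and advances p. */
        const unsigned char *p = cc->pbCertEncoded;
        X509 *x = d2i_X509(NULL, &p, (long)cc->cbCertEncoded);
        if (x == NULL) {          /* unparsable entry: skip it */
            ERR_clear_error();
            continue;
        }
        if (X509_STORE_add_cert(store, x) == 1)
            added++;
        else
            ERR_clear_error();    /* e.g. duplicate on older OpenSSL */
        X509_free(x);             /* the store keeps its own reference */
    }
    CertCloseStore(sys, 0);
    return added;
}
#else
/* Off Windows there is no system store to read; report failure. */
typedef struct ssl_ctx_st SSL_CTX;
int add_windows_roots(SSL_CTX *ctx) { (void)ctx; return -1; }
#endif
```

The "ROOT" store holds roots trusted for many purposes, so hostname checking and any extended-key-usage policy still have to be enforced by the application.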