On Fri, Apr 27, 2001 at 09:51:07AM -0400, George Lind wrote:
> Within the verify callback function X509_STORE_CTX_get_error(ctx) returns a
> 26 which is "unsupported certificate purpose".  The callback function then
> checks the verify depth.  Since this is within the depth range the
> certificate is "OK".   What exactly does that error message mean and why is
> the certificate considered OK?

The default verify_callback returns 1 and thus indicates "continue with
the verification process". The error "26" is however still saved for the
error code and can be queried after the handshake with SSL_get_verify_result().

Please check out the SSL_CTX_set_verify() manual page with its included
verify_callback() example for alternative behaviour (hard failure).

"unsupported certificate purpose" means that the certificate presented
does not match the specified purpose. Consider Thawte giving you a
certificate for an "SSL server". If you are going to use this certificate
for an "SSL client", you will get this error.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
