Newbie questions about callback function specified in SSL_CTX_set_verify.
1) With the function SSL_CTX_set_verify we can specify a callback function to be used.
If this callback function is called with 'preverify_ok=1', does it mean that the certification chain succeeded completely?
Thus does it mean that a call to SSL_get_verify_result afterwards will always return X509_V_OK when the callback function has been called with 'preverify_ok=1'?
Or is it possible that the callback function is called with 'preverify_ok=1' but that SSL_get_verify_result returns an error?
2) Is it a good idea to check the common name in the callback function, and adapt the 'preverify_ok' value?
Thus if the callback function is called with 'preverify_ok=1' and the check of the common name fails, then we change the value in the callback function to 'preverify_ok=0' and return 'preverify_ok'?
Thanks,
Kristoffel
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
