In my VPN client I'd like to warn the user when their certificate is almost out of date.
Is there a way to get the client certificate from the SSL_CTX after the client cert has been loaded?

As discussed elsewhere, it's quite painful for an application simply to undertake the task of "load a client certificate provided by the user". If I want to check the notAfter date of the certificate, however, it seems to get even more painful.

I can't find a way to get the certificate back from the CTX, so...

... for PKCS#12 certs, we keep a pointer to the X509 structure we add as we parse it.

... for PEM certs and TPM 'blobs' we actually have to re-parse the file because SSL_CTX_use_certificate_chain_file() doesn't let us see the X509 (and the alternative is open-coding a reimplementation of that function).

On the whole, it just makes the whole thing even more horrid. And I was quite pissed off with it already. Am I missing something?

http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/1b9a2db4

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
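An added example, not from the original post and not OpenConnect's code: the "almost out of date" decision itself, once a notAfter value is in hand, written as dependency-free C over the two ASN.1 time encodings RFC 5280 allows for that field. The function names, the 30-day threshold and the sample time string are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

enum cert_status { CERT_OK, CERT_EXPIRING, CERT_EXPIRED, CERT_BAD_TIME };

/* Days from 1970-01-01 to a Gregorian calendar date (avoids non-standard timegm). */
static long long days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse UTCTime "YYMMDDHHMMSSZ" or GeneralizedTime "YYYYMMDDHHMMSSZ".
 * Returns 0 and sets *epoch (Unix time, UTC) on success, -1 on malformed input. */
static int parse_not_after(const char *s, long long *epoch)
{
    size_t n = strlen(s), i, off = (n == 15) ? 4 : 2;
    int year = 0, f[5]; /* f = month, day, hour, minute, second */

    if ((n != 13 && n != 15) || s[n - 1] != 'Z') return -1;
    for (i = 0; i < n - 1; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    for (i = 0; i < off; i++)
        year = year * 10 + (s[i] - '0');
    if (n == 13) year += (year >= 50) ? 1900 : 2000; /* RFC 5280 two-digit year pivot */
    for (i = 0; i < 5; i++)
        f[i] = (s[off + 2 * i] - '0') * 10 + (s[off + 2 * i + 1] - '0');
    /* Basic range check only; month lengths are not validated. */
    if (f[0] < 1 || f[0] > 12 || f[1] < 1 || f[1] > 31 || f[2] > 23 || f[3] > 59 || f[4] > 59) return -1;
    *epoch = days_from_civil(year, f[0], f[1]) * 86400LL + f[2] * 3600 + f[3] * 60 + f[4];
    return 0;
}

/* Classify a certificate by its notAfter string against `now` (Unix time). */
static enum cert_status check_expiry(const char *not_after, long long now, int warn_days)
{
    long long expires;
    if (parse_not_after(not_after, &expires) != 0) return CERT_BAD_TIME;
    if (expires < now) return CERT_EXPIRED;
    return (expires - now < warn_days * 86400LL) ? CERT_EXPIRING : CERT_OK;
}

int main(void)
{
    /* Constructed sample value, not taken from a real certificate. */
    printf("status=%d\n", check_expiry("300101000000Z", (long long)time(NULL), 30));
    return 0;
}
```

In a client that already links OpenSSL 1.0.2 or later, ASN1_TIME_diff() performs the same comparison directly on the certificate's notAfter field.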