Qt installs a verification callback like this | // Register a custom callback to get all verification errors. | X509_STORE_set_verify_cb_func(ctx->cert_store, q_X509Callback);
ctx is an SSL_CTX *. This callback is invoked not just to verify the server certificate, but also when OpenSSL tries to complete the certificate chain before sending the client certificate. OpenSSL clears errors resulting from this, but it cannot roll back the effects of calling the callback. Are these callback invocations expected behavior?
-- Florian Weimer / Red Hat Product Security Team ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
