On Thu, Dec 03, 2015 at 05:00:12PM +0000, Nounou Dadoun wrote:
> Calling
> X509_STORE_CTX_set_error(ctx, X509_V_OK);
> Is actually what I'm doing already but I was worried that it would then
> ignore any other errors (e.g. bad signature etc.);
No, because is error is reported separately, and you're not setting
"ok = 1" for the other errors.
> I'd actually thought
> the errors might be ORed together but that doesn't look like the case.
Each error is reported separately.
> So does it invoke the callback for each error (which is sort of a convoluted
> way of ORing)?
Yes, though I don't think of it as "ORing".
> If I say ok to EXPIRED will it catch a bad signature?
Yes.
--
Viktor.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
