Identifying peer cert in verify_callback

2001-11-21 Thread Krishnaswamy R.

Hi all,

I am using a certificate verification callback function as follows:

SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cert_verify_cb);

In the callback function, in addition to the standard certificate
verification done by OpenSSL, I need to check the subject-name
of the peer certificate.
Since the callback function is called for every certificate in the
certificate chain, from the parameter X509_STORE_CTX *,
how do I know if the current certificate is the peer certificate?

Any inputs/pointers will be greatly appreciated.

thanks,
Krishna


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: Identifying peer cert in verify_callback

2001-11-21 Thread Lutz Jaenicke

On Wed, Nov 21, 2001 at 06:17:21PM +0530, Krishnaswamy R. wrote:
> I am using a certificate verification callback function as follows:
>
> SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cert_verify_cb);
>
> In the callback function, in addition to the standard certificate
> verification done by OpenSSL, I need to check the subject-name
> of the peer certificate.
> Since the callback function is called for every certificate in the
> certificate chain, from the parameter X509_STORE_CTX *,
> how do I know if the current certificate is the peer certificate?

man SSL_CTX_set_verify:
  
  The depth count is level 0:peer certificate, level 1: CA
  certificate, level 2: higher level CA certificate, and so on.

with
  depth = X509_STORE_CTX_get_error_depth(ctx);

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153