SSL_get0_verified_chain was exactly what I needed, thanks!
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, October 25, 2019 11:55 AM
To: openssl-users@openssl.org
Subject: Re: Retrieve CA for client cert from SSL*
> On Oct 25, 2019, at 5:38 PM,
> On Oct 25, 2019, at 5:38 PM, Jan Just Keijser wrote:
>
>> Is there a way to figure out which CA the server used to validate the client
>> certificate?
>
> on the server side? you would have to write your own verify callback to
> intercept the certificate stack as it is processed. That
Is looking at the IssuerDN good enough?
On 24/10/19 19:55, Fen Fox wrote:
Is there a way to figure out which CA the server used to validate the
client certificate?
on the server side? you would have to write your own verify callback to
intercept the certificate stack as it is processed. That way, you can
monitor which CA