On 18/10/2017 11:14, Matt Caswell wrote:
On 17/10/17 21:27, Chris Bare wrote:
I have the following code:
setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
{
BIO *output = BIO_new_ssl_connect (ctx);
if (!output)
{
return (NULL);
}
BIO_get_ssl (output, );
➢ I was more talking about the parsing. Currently I have 40 LOC [1] to
Look at X509_get1_ocsp which is in crypto/x509v3/v3_utl.c That’s in 1.0.2 and
later
➢ > X509_CRL_verify. And yes, looking through to find the serial# is what you
have to do.
➢ That's 1.1-specific, correct?
Hi Rich,
On 18-10-17 17:46, Salz, Rich via openssl-users wrote:
> ➢ I used libcrypto to parse out the OCSP URL from the certificate validate
> it against a whitelist of valid OCSP URLs, send an OCSP request and
> validate the response and its signature against a custom certificate
>
In message <131801d34857$50fe15e0$f2fa41a0$@mcn.org> on Wed, 18 Oct 2017
14:23:18 -0700, "Charles Mills" said:
charlesm> Sorry – OpenSSL is not what I do every day.
charlesm>
charlesm> I see in the man pages a reference to crypto/threads/mttest.c.
That's the 1.0.2 manpages,