Certificate Verification
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 03 Mar 2024 08:24:21 UTC
Does SSL_accept actually verify client certificates if they are presented and if there is a verify_callback function. The man page seems to indicate it is not verified, and that needs to be done in the callback. I tried using an expred certificate and openssl correctly determined it was expired, but the preverify_ok value was still 1 and the certificate was accepted. The documentation gives the values for preverify_ok but says nothing about what is checked to determine that value. I tried to chase down the openssl code, but it is very complex. It reminds me of the old saying: I can write Fortran in any language. ;-) -- Doug