On Mon, Jul 25, 2016 at 01:44:18PM +0000, Salz, Rich via RT wrote:
> I am not sure what to suggest. This conversation is bouncing across
> two ticket systems and is all about a legacy certificate format that
> is, what, outdated since 2002?
>
> I am hard-pressed to see why OpenSSL 1.1 has to do anything other than
> what Richard proposed.

The two ticket systems are indeed annoying and I don't know what to do about that (I did not start this thread) other than removing one of them.

The point is that if OpenSSL is providing a verification callback which can be used to provide a custom verification of the cert chain, then it should provide the necessary handles, and the thing still missing from what Richard proposed is a way to point to the failing certificate in the chain. We can set the error, but not at which depth in the chain the error occurred. This in itself is not limited to our use-case but is a general API request.

    Mischa

>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
> Please log in as guest with password guest if prompted
>

--
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msa...@nikhef.nl
  __ .. ... _._. .... ._ ... ._ ._.. ._.. .._..