On Tuesday, 13 August 2013 19:11:16, Florian Weimer wrote:
>     // Initialize peer verification.
>     if (configuration.peerVerifyMode == QSslSocket::VerifyNone) {
>         q_SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
>     } else {
>         q_SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, q_X509Callback);
>     }
>
> The same callback is used there. But if it's registered in this manner,
> it's not called by the OpenSSL while building the client certificate chain.

Makes sense. I'm located in the US, so I'm not allowed to modify the SSL code. If you're in the US, you're not either.

And now here's an interesting question: are people working for American companies allowed to modify the SSL code?

> > If there's a better API for it than a global callback that doesn't get a
> > context token passed, we're all ears
>
> You could use a multi-map with the X509_STORE_CTX * as the key instead
> of a list. The pointer should be available from the SSL_CTX via
> SSL_CTX_get_cert_store, and it should be specific to that SSL_CTX.

Sorry, I'm not sure I understood that. Sounds like we still have a global. I'd like to obtain the list of error conditions and for each condition the associated certificate (or depth) without a global variable.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
