On 18-01-13 04:26, Patrick Pelletier wrote:
> On 12/10/2012 03:05 AM, Patrick Pelletier wrote:
>
>> So I had been thinking it couldn't be done with the callback. However,
>> after re-reading the manpage for SSL_CTX_set_verify, it sounds like it
>> does get called on success, and is given the oppo
On 12/10/2012 03:05 AM, Patrick Pelletier wrote:
There is an SSL_CTX_set_cert_verify_callback,
but the iSECPartners document says very strongly never to use it, at the
bottom of page 2:
https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openss
On 12/10/2012 03:05 AM, Patrick Pelletier wrote:
So I had been thinking it couldn't be done with the callback. However,
after re-reading the manpage for SSL_CTX_set_verify, it sounds like it
does get called on success, and is given the opportunity to fail the
connection. So perhaps I could cal
Oscar Koeroo wrote:
The SSL_CTX_set_verify and SSL_CTX_set_verify_callback are used to validate
the certificate (chain) itself. Useful when OpenSSL triggers a
false-negative on a certificate chain, you have your own extensions built into
the certificate (think: Microsoft PKI in their deployments or
On 10-12-12 08:36, Nick Mathewson wrote:
> On Sat, Dec 8, 2012 at 6:03 AM, Patrick Pelletier wrote:
>
>> However, it's not clear to me how to work the validation function
>> (validate_hostname) into evhttp's control flow. It seems that I would need
>> to call validate_hostname after the TLS h
On Sat, Dec 8, 2012 at 6:03 AM, Patrick Pelletier wrote:
> However, it's not clear to me how to work the validation function
> (validate_hostname) into evhttp's control flow. It seems that I would need
> to call validate_hostname after the TLS handshake occurs, but before evhttp
> starts transfe
I've been writing an https client using OpenSSL and libevent 2.1.2,
using this example as a basis:
http://archives.seul.org/libevent/users/Mar-2012/msg00014.html
and it's mostly doing what I want now. However, one thing I still need
to do is check that the certificate has the correct hostname