On Thu, Dec 18, 2008 at 12:37 PM, Nelson B Bolyard <nel...@bolyard.me> wrote:
> DanKegel wrote, On 2008-12-18 12:12:
>> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1088928
>> says "To obtain the certificate that was rejected by the certificate
>> authentication callback, the callback function calls
>> SSL_PeerCertificate."
>
> The sentence above could be clarified by inserting the words "bad
> certificate", so that it reads "... the bad certificate callback function
> calls SSL_PeerCertificate".

Done.

>> And it really does mean the callback function. Once that returns, the
>> information is destroyed, and SSL_PeerCertificate will fail.
>
> Yeah, once the handshake is over, much of the info it used is gone,
> unless the application makes its own copy during the handshake.

I added a note: once the bad-certificate callback function returns,
the peer certificate is destroyed, and SSL_PeerCertificate will fail.

Wan-Teh