On Tue, May 30, 2017 at 6:51 AM, Niklas Keller <m...@kelunik.com> wrote:
> do you know how I can check whether a certificate is in the trust store or not?

I guess it depends what you want to do. If you want to check if the cert is in the cert store loaded in the SSL struct, then you could get it using SSL_get_client_CA_list and then check the resulting STACK_OF(X509_NAME). If you know the X509_STORE_CTX, then you should be able to get the chain from it using X509_STORE_CTX_get0_chain and then go through it. But not really sure what fits best to your use case. I'd probably need to look into OpenSSL internals to see what would be the best solution.

Cheers

Jakub