I was wondering about the state of support for the argument to app_verify_callback. This callback is set by SSL_CTX_set_cert_verify_callback to allow the application to override the standard verification behavior and was supposed to take an app-supplied argument.
The OpenSSL code currently stores that argument and then ignores it -- it doesn't pass it on to the callback function at all. Comments in the code indicate that people know this, and vary as to whether they indicate that it ought to be fixed. The documentation still mentions the argument, but has a hasty add-on noting that it is currently ignored. Comments in the openssl-user mailing list indicate that this is not heavily used, so it wouldn't break the world to fix it. (In contrast to adding a similar argument to the default_verify_callback, which would be nice, but would probably break too much of the world.)

I wanted to know whether someone had decided at some point that it ought to stay this way, or whether there was any hope of getting a fix into 0.9.7 (it's a ~3-line change, and I'd be happy to supply diffs).

(And before you ask, yes, I do have a perfectly reasonable reason for wanting to use this which I am happy to explain, but left out for brevity's sake.)

thanks,
Diana Smetters

===============================
D.K. Smetters, Ph.D.
Member of the Research Staff
Xerox Palo Alto Research Center

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
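The behaviour described in the message above, as an added example that is not part of the original post and is not OpenSSL code: a small C model of a context that stores a callback argument, dispatched once with the argument dropped and once with it passed through. All types and function names here are hypothetical stand-ins, the dropped argument is modelled as the callback receiving NULL, and the peer names are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for this model; none of these are OpenSSL types. */
typedef struct { const char *peer_name; } cert_t;            /* certificate under test */
typedef int (*app_verify_cb)(const cert_t *cert, void *arg); /* 1 = accept, 0 = reject */
typedef struct { app_verify_cb cb; void *arg; } ctx_t;       /* per-context settings */
typedef struct { const char *expected_peer; } policy_t;      /* app-supplied argument */

/* Setter: both the callback and the application's argument are stored. */
void ctx_set_cert_verify_callback(ctx_t *c, app_verify_cb cb, void *arg) {
    c->cb = cb;
    c->arg = arg;
}

/* Dispatch as the post describes it: the stored argument never reaches
 * the callback (modelled as NULL). */
int verify_arg_ignored(const ctx_t *c, const cert_t *cert) {
    return c->cb(cert, NULL);
}

/* Dispatch with the argument handed through to the callback. */
int verify_arg_passed(const ctx_t *c, const cert_t *cert) {
    return c->cb(cert, c->arg);
}

/* One callback shared by every context; the policy arrives through arg,
 * so no global state is needed. A missing policy is rejected rather than
 * treated as "no restriction". */
int pin_peer_cb(const cert_t *cert, void *arg) {
    const policy_t *p = arg;
    if (p == NULL || p->expected_peer == NULL || cert->peer_name == NULL)
        return 0; /* fail closed */
    return strcmp(cert->peer_name, p->expected_peer) == 0;
}

int main(void) {
    policy_t pa = { "alice.example" }, pb = { "bob.example" }; /* constructed */
    cert_t alice = { "alice.example" };                        /* constructed */
    ctx_t a, b;
    ctx_set_cert_verify_callback(&a, pin_peer_cb, &pa);
    ctx_set_cert_verify_callback(&b, pin_peer_cb, &pb);
    /* With the argument passed, each context enforces its own policy. */
    int ok = verify_arg_passed(&a, &alice) == 1 && verify_arg_passed(&b, &alice) == 0;
    /* With the argument dropped, the callback cannot see a policy and rejects. */
    ok = ok && verify_arg_ignored(&a, &alice) == 0;
    return ok ? 0 : 1;
}
```

In this model a callback that needs per-context data and does not receive it has to fall back on state shared across contexts, which is why the callback above rejects when no policy arrives.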