On Fri, Dec 07, 2001 at 04:30:21PM -0800, D. K. Smetters wrote:
> I was wondering about the state of support for the argument to
> app_verify_callback. This callback is set by
> SSL_CTX_set_cert_verify_callback to allow the application to
> override the standard verification behavior and was supposed
> to take an app-supplied argument.

I had a short look into the source. Your statement is correct.
I also do not see a reason why it should not be supported.
You are welcome to submit a patch for inclusion into 0.9.7
(I could also write one myself, but my time is pretty limited
these days).

> The OpenSSL code currently stores that argument and then ignores
> it -- it doesn't pass it on to the callback function at all.
> Comments in the code indicate that people know this, and vary as
> to whether they indicate that it ought to be fixed. The
> documentation still mentions the argument, but has a hasty
> add-on noting that it is currently ignored. Comments in the
> openssl-user mailing list indicate that this is not heavily used,
> so it wouldn't break the world to fix it. (In contrast to adding
> a similar argument to the default_verify_callback, which would be
> nice, but would probably break too much of the world.)

With respect to the verify_callback: changing the API would probably
break too many applications. For Postfix/TLS I utilize the ex_data
feature of the SSL object, for which the verification process is
being performed. This allows passing connection-related verification
information.

> I wanted to know whether someone had decided at some point that
> it ought to stay this way, or whether there was any hope of getting
> a fix into 0.9.7 (it's a ~3-line change, and I'd be happy to supply
> diffs).
> 
> (And before you ask, yes, I do have a perfectly reasonable reason
> for wanting to use this which I am happy to explain, but left out
> for brevity's sake.)

You are invited to explain your reasons, if you consider it to be of
interest to other readers of this list. One advantage of mailing lists
is that they can be very informative and stimulating, because you
get an insight into other people's work.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
