We want to write our own cert verification routine, but we need to pass
our own data down into the routine. No prob, the context has
app_verify_arg. Hooray :) But it's unused. Boo :(

We don't want to diverge from the source if we don't have to. Should we
add an ex_callback function pointer that can be set, so it gets the
context and the app_verify_arg? Should we just change the code so the
app_verify_arg is always passed in? Are we the only ones asking for
this? (I can't imagine; how do folks write their own verification?)

Hmm. Let me step back a bit and ask the bigger question: we have a
collection of certs, both CA certs and end-entity certs. We want to
verify the SSL identity if it is either one of our trusted end-entities,
or signed by one of our CAs. Is that easy to do using the current API?
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]