In message <rt-4.0.19-13376-1469461907-1144.4602-...@openssl.org> on Mon, 25 Jul 2016 15:51:47 +0000, "msa...@nikhef.nl via RT" <r...@openssl.org> said:
rt> The point is that if OpenSSL is providing a verification callback which
rt> can be used to provide a custom verification of the cert chain, then it
rt> should provide the necessary handles and the thing still missing from
rt> what Richard proposed is a way to point to the failing certificate in
rt> the chain. We can set the error, but not at which depth in the chain the
rt> error occurred.
rt> This in itself is not limited to our use-case but is a general API
rt> request.

Looking around, I just discovered that someone else has had the same
thoughts as you, back in April. These functions were added back then:

    void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
    void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);

Cheers,
Richard

-- 
Richard Levitte         levi...@openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/