On Tue, Nov 16, 1999 at 08:08:21PM -0800, Claus Assmann wrote:

> Thanks for the notification. A related question:
> If the callback always returns 1, does
> SSL_get_verify_result()
> nevertheless return the correct value?
> i.e., X509_V_OK iff the certificate could be verified?

Yes, if the application verification callback calls X509_verify_cert
or otherwise sets ctx.error.  The value in ctx.error is always copied
into s->verify_result, which is what SSL_get_verify_result returns.
What my latest change to the SSL library does is make sure that this
value is also restored when the application verification callback is
not called because the session is found in cache so that no
certificates appear in the handshake.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
