Yes, SSL_new() copies several items, including the verify callback, from the
SSL_CTX into the SSL object.  This is so that these members can be altered
in the SSL object without altering the SSL_CTX which may be used for
creating other SSLs.

> -----Original Message-----
> From: Colin Fox [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 10:59 AM
> To:   [EMAIL PROTECTED]
> Subject:      RE: Server certificates
> 
> Thanks! This was just what we needed. One point to mention: This must be
> done BEFORE calling SSL_new(), as in:
> 
> SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                    verify_callback);
> 
> ssl = SSL_new(ctx);
> 
> I'm guessing that the context is only looked at once before constructing
> the ssl object, and then not referenced again.
> 
> So it works now. Thanks to all who replied, especially Michael. This was
> driving me crazy. :)
> 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
