On Wed, Nov 21, 2001 at 06:17:21PM +0530, Krishnaswamy R. wrote:
> Iam using a certificate verification callback function as follows
>
> SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, cert_verify_cb);
>
> In the callback function, in addition to the standard certificate
> verification done by OpenSSL, i need to check the subject-name
> of the peer certificate.
> Since the callback function is called for every certificate in the
> certificate chain, from the parameter X509_STORE_CTX *,
> how do I know if the current certificate is the peer certificiate?
man SSL_CTX_set_verify:
The depth count is "level 0:peer certificate", "level 1: CA
certificate", "level 2: higher level CA certificate", and so on.
with
depth = X509_STORE_CTX_get_error_depth(ctx);
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
