When I come through my verify_callback routine, I get called successively with 
descending certificate depths: the first time through 
X509_STORE_CTX_get_error_depth() is 1 and the second time it is 0. So it would 
seem to me that "the depth/length of the whole chain" is available as the value 
of X509_STORE_CTX_get_error_depth() on the first pass through the 
verify_callback.

Or perhaps I have misunderstood the question.

Charles

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Sven Anders
Sent: Monday, September 03, 2012 12:57 AM
To: openssl-users@openssl.org
Subject: Verify depth / get chain length

Hello,

I'm using the OpenSSL library for an HTTP proxy. I want to verify the server's 
certificates and I use the verify-callback for this.
This works without problems.

My question is:

Is it possible to get the depth of the whole certificate chain in the verify 
function? I know that I can get the current depth of the certificate that is 
currently checked, but can I get the depth/length of the whole chain?

If this is not possible, is it possible to call a callback before the 
verify-callback to get the depth?

Regards
 Sven Anders

-- 
 Sven Anders <and...@anduras.de>                 () UTF-8 Ribbon Campaign
                                                 /\ Support plain text e-mail  
ANDURAS intranet security AG  Messestrasse 3 - 94036 Passau - Germany
 Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety.
  - Benjamin Franklin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
