On 3/25/16, 17:17 , "openssl-users on behalf of Viktor Dukhovni" <openssl-users-boun...@openssl.org on behalf of openssl-us...@dukhovni.org> wrote:
>>If I ask “is your passport valid”, I expect to be able to repeat this >> question and (as long as this all is within a reasonably short time) get >> exactly the same answer. > >The result of X509_verify_cert() is not just a single error value... >... >Whatever is motivating the desire to call X509_verify_cert() twice >is likely some deficiency (whether actual or perceived) in the >current functionality, and we should probably address the underlying >problem and the not the superficial symptoms. I cannot comment or criticize here, because I’m not at that point (yet?). I’m not using this functionality now, and when I do I’ll probably account for this bit of wisdom (using the correct call sequence). >If you're doing this in the context of SSL, the SSL layer configures >the X509_STORE_CTX with various parameters beyond just >X509_STORE_CTX_init(), and using your own fresh context will not >work well. Most likely, when I do need to use this it wouldn’t be in the context of SSL. But I will remember this (not to use my own fresh context when using SSL) too. ;) Thanks!
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users