> On Aug 17, 2018, at 10:52 PM, Daurnimator <[email protected]> wrote:
>
> I understand the current design; but I'm left wondering why it has an
> additional store member when VERIFY_PARAMS has the field there
> already.
> The design would seem to be much cleaner if all criteria for
> verification are taken from a single object.
They are taken from a single object, the X509 store associated with
the SSL_CTX, which is used to verify the peer per SSL_CTX_set_verify().
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
