Message293778
Hi,
I'd like to see this feature too.
My use case is a monitoring script to check the lifetime of the server certificate, including the chain. I would prefer to have a wrapper around SSL_get_peer_cert_chain.
I understand that this is *not* a verified chain. That's okay.
openssl-1.1 added a new function SSL_get0_verified_chain which may be safer for most applications. Is there any real difference to X509_STORE_CTX_get1_chain?
If you're worried about people misusing these functions, add a warning in the docs and point them to "get_peer_verified_chain"?
Date | User | Action | Args
2017-05-16 18:53:15 | joernheissler | set | recipients: + joernheissler, jcea, pitrou, christian.heimes, asmodai, maker, underrun, dstufft, dsoprea, miki725, mmasztalerczuk, chet
2017-05-16 18:53:15 | joernheissler | set | messageid: <1494960795.1.0.0679825431828.issue18233@psf.upfronthosting.co.za>
2017-05-16 18:53:15 | joernheissler | link | issue18233 messages
2017-05-16 18:53:14 | joernheissler | create |