Author joernheissler
Recipients asmodai, chet, christian.heimes, dsoprea, dstufft, jcea, joernheissler, maker, miki725, mmasztalerczuk, pitrou, underrun
Date 2017-05-16.18:53:14
Message-id <1494960795.1.0.0679825431828.issue18233@psf.upfronthosting.co.za>
In-reply-to
Content
Hi,
I'd like to see this feature too.

My use case is a monitoring script to check the lifetime of the server certificate, including the chain. I would prefer to have a wrapper around SSL_get_peer_cert_chain.
I understand that this is *not* a verified chain. That's okay.

openssl-1.1 added a new function SSL_get0_verified_chain which may be safer for most applications. Is there any real difference to X509_STORE_CTX_get1_chain?

If you're worried about people misusing these functions, add a warning in the docs and point them to "get_peer_verified_chain"?
History
Date | User | Action | Args
2017-05-16 18:53:15 | joernheissler | set | recipients: + joernheissler, jcea, pitrou, christian.heimes, asmodai, maker, underrun, dstufft, dsoprea, miki725, mmasztalerczuk, chet
2017-05-16 18:53:15 | joernheissler | set | messageid: <1494960795.1.0.0679825431828.issue18233@psf.upfronthosting.co.za>
2017-05-16 18:53:15 | joernheissler | link | issue18233 messages
2017-05-16 18:53:14 | joernheissler | create |
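
The monitoring use case described in the message, as an added example that is not code from the message author or from CPython: it reads notAfter from every DER certificate in a chain and reports the entries close to expiry, without validating anything, which matches the unverified-chain case. It assumes the chain is already available as a list of DER byte strings (the form SSLSocket.get_unverified_chain() returns on Python 3.13 and later); tlv, not_after, expiring and fake_cert are hypothetical names, and the sample chain is constructed, not real certificates.

```python
from datetime import datetime, timezone

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def not_after(der):
    """Return notAfter of one DER certificate as an aware UTC datetime."""
    _, pos, _ = tlv(der, 0)        # Certificate
    _, pos, _ = tlv(der, pos)      # TBSCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                # optional [0] version
        pos = end
    for _ in range(3):             # skip serialNumber, signature, issuer
        _, _, pos = tlv(der, pos)
    _, pos, _ = tlv(der, pos)      # enter Validity
    _, _, pos = tlv(der, pos)      # skip notBefore
    tag, start, end = tlv(der, pos)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                # UTCTime: RFC 5280 maps YY >= 50 to 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != 0x18:              # otherwise must be GeneralizedTime
        raise ValueError("unexpected time tag")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def expiring(chain, now, warn_days=30):
    """Return (index, days_left) for each chain entry inside the warning window."""
    left = [(i, (not_after(der) - now).days) for i, der in enumerate(chain)]
    return [(i, days) for i, days in left if days < warn_days]

def fake_cert(not_after_text):
    """Constructed skeleton holding only the fields walked above; not a real cert."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    time_tag = 0x17 if len(not_after_text) == 13 else 0x18
    validity = der(0x30, der(0x17, b"200101000000Z") + der(time_tag, not_after_text))
    tbs = der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"") * 2
    return der(0x30, der(0x30, tbs + validity))

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    chain = [fake_cert(b"240110000000Z"), fake_cert(b"300101000000Z"),
             fake_cert(b"231201000000Z")]   # constructed: leaf, intermediate, root
    print(expiring(chain, now))
```

A negative days_left means the entry has already expired; an alert on any chain position matters because an expired intermediate breaks validation just as an expired leaf does.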