Message301525
Yes, from an application perspective there is an import difference between X509_STORE_CTX_get1_chain() and SSL_get0_verified_chain(). X509_STORE_CTX is a temporary object. It is only available during the handshake and while the trust chain is built and verified. Once the chain is verified, it is no longer available.
SSL_get0_verified_chain() sounds like an actual good solution. Thanks for pointing it out. |
|
Date |
User |
Action |
Args |
2017-09-06 21:42:30 | christian.heimes | set | recipients:
+ christian.heimes, jcea, pitrou, asmodai, maker, underrun, dstufft, dsoprea, miki725, mmasztalerczuk, chet, joernheissler |
2017-09-06 21:42:30 | christian.heimes | set | messageid: <1504734150.25.0.969848477715.issue18233@psf.upfronthosting.co.za> |
2017-09-06 21:42:30 | christian.heimes | link | issue18233 messages |
2017-09-06 21:42:30 | christian.heimes | create | |
|