certificate verify callback API question

by Peter Sylvester-3

Hello,

In 1.0.0beta it seems that the interface between
the certificate verify callback and the store context
has slightly changed.

The X509_STORE_CTX_get_current_cert may now
return NULL which was not the case before the
introduction of policy checking.

Is it the responsibility of the callback not to assume
a non-null pointer now, for example not to simply
call X509_oneline to format the cert subject?

At least the verify callbacks currently in use in
apps check this (except for s_cb which is used
by s_server, but which is not yet affected).

The example in the openssl docs uses

X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);

but also:

X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert)


Thanks in advance for any information.

Peter Sylvester

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...
