[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls error messages

Ralf Haferkamp wrote:

In case of certificate verification failures I'd like to include the
verification error message ("certificate has expired", "unable to get issuer
certificate", ...) in the diagnostic errormessage.
For that I need pass the tls_session* as an extra argument to the
TI_session_errmsg functions (for openssl I need the SSL* handle to get the
verification error). Does anyone see a problem with this?

No problem, that's a completely internal API, can change as needed.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/