[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd & ca cert woes

To: Shoichi Sakane <sakane@kame.net>
Subject: Re: isakmpd & ca cert woes
From: Hakan Olsson <ho@crt.se>
Date: Fri, 13 Jul 2001 16:19:36 +0200 (MET DST)
Cc: <djm@mindrot.org>, <lists@fips.de>, <tech@openbsd.org>

FYI, I just committed an update to isakmpd's x509_cert_validate() to use
the function below in case of failure. It should be more verbose now.

/H

On Fri, 13 Jul 2001, Shoichi Sakane wrote:

> > The validation check happens deep inside X509_verify_cert() in libcrypto.
> > It should be possible to add some verbosity, but OpenSSL's error reporting
> > functions make my head spin.
>
> X509_verify_cert_error_string() might help you.
>

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB

References:
- Re: isakmpd & ca cert woes
  - From: Shoichi Sakane <sakane@kame.net>

Prev by Date: Re: gif interfaces
Next by Date: Re: Exim and IPv6 Help
Prev by thread: Re: isakmpd & ca cert woes
Next by thread: Hmm, PR--1623 helps but..
Index(es):
- Date
- Thread