I have a couple of questions about WolfSSL and verifying peer certificates:
My application calls
with
And it also wants to retrieve the X509 structure of each client's peer certificate in order to use information stored in it.
When I use OpenSSL my application does this by calling
right after the connection has been established.
But when I use this function with WolfSSL I run into difficulties.
With WolfSSL the SSL_get_peer_certificate() function always returns a NULL pointer, unless it is called from within
The problem I have with this is that from within verify_callback() I have no meaningful place to store the information retrieved from any X509 structure.
Thus, I need to call SSL_get_peer_certificate() after the connection has been established and not from within verify_callback().
Is it possible to retrieve the peer certificate X509 structure after the connection has been established?
(Or is this information discarded by WolfSSL after verify_callback() completes, to save memory?)
My second question also relates to the process of verifying a client's peer certificate.
Do I need to do extra verification when verify_callback() is called with preverify_ok=1?
With OpenSSL my application checks that SSL_get_verify_result() returns a value of X509_V_OK, but I have noticed that WolfSSL always returns X509_V_OK when you call this function (hardcoded into the C header files).
Just to be sure, my application uses a certificate manager to verify the peer certificate (again) like this:
Is this necessary, or can I trust the hardcoded X509_V_OK that SSL_get_verify_result() returns?