Right now I have a big callback function that looks into the DNS and then validate the certificate. That seems to work well for usage 1, and I should be able to get it to work for usage 0.
For usage 2 though I think I may need a different approach, where I might need to lookup the DNS record, stick the cert into the X509_STORE_CTX and then pass it to a callback, or directly to verify_cert function.
No comments:
Post a Comment