Server trust evaluation in openssl

[dhanesh ov]

Hi,

Can anyone tell how the server trust evaluation can be customized in openssl? We are using openssl in iOS and need to customize the server trust evaluation in openssl using self signed certificate.

Thanks.

[Jeffrey Walton]

I believe you are interested in SSL_CTX_set_verify(3) and
SSL_set_verify(3) callback.
https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html.

There are additional examples of its use in the source code. See, for
example, <openssl src>/apps/s_client.c.

Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

[dhanesh ov]

Hi Jeff,

Thanks for your inputs.

I am basically looking for below.

I am using openssl in iOS device for an SSL server along with self signed certificate. Problem is that if i install a self signed CA certificate manually into the iOS device, SSL handshake with client works, otherwise it is always failing. So I am looking for an openssl API which will help me to add self signed CA certificate to trusted store(because server is running with openssl) so that i can make this openssl handshake successful.

Can you please let me know how can I achieve this? Thank you.