Newsgroups: php.internals
Date: Tue, 30 May 2017 21:11:53 +0100
Subject: Re: [RFC] Distrust SHA-1 Certificates
From: bukka@php.net (Jakub Zelenka)
To: Niklas Keller
Cc: PHP Internals

On Tue, May 30, 2017 at 6:51 AM, Niklas Keller wrote:

>
> do you know how I can check whether a certificate is in the trust store or
> not?
>

I guess it depends on what you want to do. If you want to check if the cert is in the cert store loaded in the SSL struct, then you could get it using SSL_get_client_CA_list and then check the resulting STACK_OF(X509_NAME). If you know the X509_STORE_CTX, then you should be able to get the chain from it using X509_STORE_CTX_get0_chain and then go through it. But I'm not really sure what fits best for your use case. I'd probably need to look into OpenSSL internals to see what would be the best solution.

Cheers

Jakub