struct crypto_cert_struct
{
X509 * px509;
+ STACK_OF(X509) *px509chain;
};
#ifdef __cplusplus
X509_STORE_set_flags(cert_ctx, 0);
- if (!X509_STORE_CTX_init(csc, cert_ctx, xcert, 0))
+ if (!X509_STORE_CTX_init(csc, cert_ctx, xcert, cert->px509chain))
goto end;
if (X509_verify_cert(csc) == 1)
{
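Review bot: `cert->px509chain` is now handed to `X509_STORE_CTX_init` as the untrusted chain, so every code path that builds a `crypto_cert_struct` must set the field, and only the TLS path is shown setting it in this commit. If another allocator (not visible here) fills in `px509` on a struct that was not zeroed, this call reads an indeterminate pointer; allocating with `calloc`, or assigning `cert->px509chain = NULL;` there, would close that. A comment above the call would also help, e.g. `/* 4th argument: peer-supplied intermediates, used for path building only, never as trust anchors */`. The enclosing function starts and ends outside the hunk.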
CryptoCert cert;
X509* remote_cert;
+ STACK_OF(X509) *chain;
if (peer)
remote_cert = SSL_get_peer_certificate(tls->ssl);
}
cert->px509 = remote_cert;
+
+ /* Get the peer's chain. If it does not exist, we're setting NULL (clean data either way) */
+ chain = SSL_get_peer_cert_chain(tls->ssl);
+ cert->px509chain = chain;
+
return cert;
}
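Review bot: `SSL_get_peer_cert_chain` returns a stack owned by the SSL object without taking a reference, unlike `SSL_get_peer_certificate`, whose result the caller owns, so `cert->px509chain` is a borrowed pointer that dangles if the `CryptoCert` outlives `tls->ssl`. Either document that on the new struct field, `/* borrowed from the SSL session; do not free, invalid once the SSL object is freed */`, or take ownership with `cert->px509chain = chain ? X509_chain_up_ref(chain) : NULL;` (available from OpenSSL 1.0.2). Taking ownership also needs `sk_X509_pop_free(cert->px509chain, X509_free);` in the matching free routine, which is not visible here. On the server side the returned stack does not include the peer's own certificate, which is fine for the untrusted-intermediates argument but worth stating in the comment. The function begins outside this hunk.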