Thanks for the reply. Is there any way to override this behavior?
This doesn't quite make sense to me. Isn't the certificate chain updated during the handshake? Would this callback be able to override data errors there?
Also, what about OCSP checks? Does this callback override those, or does it not?
I did a test where I added a date override callback, rolled back my clock, and tried to connect.
About to verify certificate signature
No CA signer to verify with
Failed to verify Peer's cert
Callback override available, will continue
wolfSSL Entering InitOcspRequest
----------- date_override_cb -------------
wolfSSL Entering ERR_error_string
In verification callback, error = -188, ASN no signer error to confirm failure
Subject's domain name is officeapps.live.com
Cert error is not date error, not overriding
growing output buffer
Now, I know for a fact that I have the right CA cert loaded up, because when I pull the clock to real time, this works. Looks like the error reporting here is incorrect. I looked at the code, and there is indeed a call to ParseCertRelative, which does a date check...
So it seems like this override callback is not really doing what it claims, or I am doing something wrong. Not sure which is the case.