(05-14-2018, 07:11 AM)wzehntner Wrote: The AError that is returned is always = 19
Where can I find a list of AError-codes ?
They come from OpenSSL's X509_STORE_CTX_get_error() function. Error 19 is X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN. Most of the X509_V_ERR_... error codes are defined in Indy's IdSSLOpenSSLHeaders unit (the rest are in the x509_vfy.h header file in OpenSSL's SDK).
(05-14-2018, 07:11 AM)wzehntner Wrote: Does a self-signed certificate always return this error-code
Yes.
(05-14-2018, 07:11 AM)wzehntner Wrote: I also noticed that the Verify-event is triggered 3 times when ADepth = 1
Why is that so ?
I can't answer that.
(05-14-2018, 07:11 AM)wzehntner Wrote: How can I display (on the client side) some information about the server-certificate (thus giving the client a chance to accept and trust the certificate)?
All the certificate information is available via the TIdX509 object that is provided in the OnVerifyPeer event. Some details are exposed in nice property wrappers. Other details you will have to query manually from OpenSSL directly, using the raw PX509 handle from the TIdX509.Certificate property.