IceSSL: Additional failure info accessible from the low level SSL engine?
We are looking to enhance the user experience around certification validation failures in our application. IceSSL::verify() does provide verification for a number of items ( e.g. cert chain provided, chain valid, chain depth, and trust ), and potentially more. But if any of those fail, the return is simply a true/false. We understand that we could write our own logic to do these verifications up front, but if Ice already has this logic build in, it would be nice to be able to access it so we don't have to have our own. Currently we do install a certificate verifier as well, which we use to do extra validation, but that also won't be called unless the low level Ice SSL checks pass. If this information could be obtained, we could enhance our certificate dialog prompt back to the user that might help them more accurately understand the failure and how to fix it.