c - OpenSSL - find error depth in certificate chain
I am writing a C program to retrieve and verify an x509 certificate chain using OpenSSL. This is my first time programming in C, and I am relying heavily on the tutorial at http://www.ibm.com/developerworks/linux/library/l-openssl/
I am able to retrieve the error code from the connection using the code below:
    if (SSL_get_verify_result(ssl) != X509_V_OK) {
        /* SSL_get_verify_result() returns a long holding an X509_V_ERR_* code */
        printf("\nerror verifying certificate\n");
        fprintf(stderr, "error code: %ld\n", SSL_get_verify_result(ssl));
    }
However, I need to know which certificate is the offending one. Is there a way to determine the chain depth of the error, like the command line s_client? Example code would be appreciated.
I found the answer in "Network Security with OpenSSL" by Chandra, Messier, and Viega.
It uses SSL_CTX_set_verify to designate a callback function that gets run after the verification routine for each certificate in the chain.
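    /* Runs after the verification routine for each certificate in the chain. */
    int verify_callback(int ok, X509_STORE_CTX *store)
    {
        if (!ok) /* if this particular cert had an error */
        {
            int depth = X509_STORE_CTX_get_error_depth(store);
            int err = X509_STORE_CTX_get_error(store);
            fprintf(stderr, "error %d at depth %d\n", err, depth);
        }
        return ok; /* pass the result through so a failed check still fails */
    }

    /* Register the callback on the context before connecting. */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);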