i = X509_verify(x, X509_get_pubkey(x))
will only succeed on self-signed (CA) certificates like Verisign.
What you need to do is verify the cert using the pubkey of it's issuer:
i = X509_verify(x, X509_get_pubkey(issuer_of_x))
but this will leak memory since X509_get_pubkey(x) adds one to the refcount of the
pubkey of x, and you don't save the pointer. (Of course you could
get it later and do 2 free's but only if you still have the cert x)
This is new behaviour of X509_get_pubkey since OpenSSL 0.9.(1?)
that broke apps written for SSLeay (I know first hand...)
/Per
smime.p7s
