Thanks much, Lutz.

> Do not access members of the SSL object (ssl->...) directly, as these
> structures may change. Please use the official API
> SSL_get_peer_certificate(), SSL_get_peer_cert_chain() to obtain the
> X509 objects. You can then simply write them to file using the
> PEM_write_X509()/PEM_write_bio_X509() function.

I am now able to save the cert in PEM format, but I am stuck with another problem. In my client verify_callback, I extract the server certificate and store it in a file using:

    pCert=X509_STORE_CTX_get_current_cert(ctx);
    PEM_write_X509(filename.pem, pCert);

For future SSL sessions, I load filename.pem using verify_load_location(,filename.pem,NULL), which I hope means that the same cert sent from the server can be verified against this saved version. However, in the verify_callback of a new session, I still get the same error message, as for an untrusted cert from the server.

I tried to use verify_load_location using a trusted root cert signed by the server cert CA. It works, and the server cert can be verified correctly as a trusted cert.

So, my question is: there must be some other information, probably some other kind of cert, that I need to save to make it a trusted root cert list for me to verify against the server cert that was sent by the server during authentication.

Sorry for my ignorance. I appreciate your guidance very much.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                           [EMAIL PROTECTED]
Automated List Manager                             [EMAIL PROTECTED]
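The behaviour described in this message can be reproduced with the openssl command-line tool; the script below is an added example, not part of the original post or of OpenSSL's own code. It assumes an `openssl` binary of version 1.0.2 or later (for `-partial_chain`, the command-line form of X509_V_FLAG_PARTIAL_CHAIN), uses `-CAfile` as the counterpart of the trusted-file argument of SSL_CTX_load_verify_locations(), and builds throwaway test certificates; the function names and the example.test names are placeholders.

```shell
#!/bin/sh
# Added example. Certificates are constructed test data; names are placeholders.

# Create a throwaway CA and a server (leaf) certificate signed by it in dir $1.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=server.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$dir/srv.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" 2>/dev/null
}

# verify_with_anchor ANCHOR CERT [extra "openssl verify" options]
# Returns 0 only if CERT verifies with ANCHOR as the trusted file.
verify_with_anchor() {
    anchor=$1; cert=$2; shift 2
    openssl verify "$@" -CAfile "$anchor" "$cert" 2>/dev/null | grep -q ': OK$'
}

# Print "trusted" or "untrusted" for one anchor/certificate combination.
report() {
    label=$1; shift
    if verify_with_anchor "$@"; then echo "$label: trusted"
    else echo "$label: untrusted"; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_certs "$d" || { rm -rf "$d"; return 1; }
    # Root CA as anchor: the chain ends in a self-signed certificate.
    report "CA file as anchor" "$d/ca.pem" "$d/srv.pem"
    # Saved leaf as anchor: it is found, but its issuer is missing, so the
    # default chain building still fails.
    report "saved leaf as anchor" "$d/srv.pem" "$d/srv.pem"
    # Same anchor, but a trusted non-root certificate may end the chain.
    report "saved leaf + -partial_chain" "$d/srv.pem" "$d/srv.pem" -partial_chain
    rm -rf "$d"
}

demo
```

Trusting a saved leaf this way pins that exact certificate, so the saved file has to be replaced whenever the server's certificate is renewed.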
