On November 5, 2008 08:12:20 am Aravinda babu wrote: > Hi all, > > Is there any OpenSSL API which will prepare the certificate chain from the > peer certificate given as input ????????? I have only peer certificate.I > have to build the cert chain from this .... > There is nothing in OpenSSL that will build a chain for you - if you want to use raw OpenSSL, then you have to do all of the AIA and CRL Distribution Point chasing yourself. Alternatively, you could use something like Pathfinder[1], to build and validate the chain for you. It has all of the hooks to attach into the SSL_verify_* callbacks, so that may be a path you want to investigate, if you only want to be able to give your program a single trust anchor, or small list of trust anchors, without pre-loading your application with all of the intermediate certificates/bridge certificates/etc.
[1] http://www.carillon.ca/tools/pathfinder.php Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
