OK.. I think I understood this API wrongly then.
What will X509_verify() will verify if I pass it public key.
I mean in place of private key , if I try to match the public key than
rather than doing keys comparision, will passing the public key to this
API, help ?
I mean does it check the private key with which certificate was signed, or
the public key which this certificate signs.
Sorry, I think I am still bit not clear on purpose of the API.
Thanks & Regards,
Nayna Jain
From: Viktor Dukhovni <openssl-us...@dukhovni.org>
To: openssl-us...@openssl.org, openssl-dev@openssl.org
Date: 06/22/2015 08:00 AM
Subject: Re: [openssl-dev] [openssl-users] X509_verify() error - block
type is not 01
Sent by: "openssl-dev" <openssl-dev-boun...@openssl.org>
On Mon, Jun 22, 2015 at 07:56:37AM +0530, Nayna Jain wrote:
> I want to match the certificate with the private key for whose public key
> that certificate is provided.
That's the subject key, and unless the certificate is self-signed,
the X509_verify() function is not the right interface. You want
to extract the certificate's public key and compare it with the
key you have. You can compare (memcmp()) the DER encoding of
the public key from the certificate with the DER encoding of
the desired key.
> If this verifies who signed the certificate, then how do I verify whether
> the certificate provided is for the private key which was generated,
You compare the keys, or the key fingerprints.
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
