Bingo. Thanks
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
Sent: Wednesday, March 08, 2000 5:47 PM
To: [EMAIL PROTECTED]
Subject: Re: Verifying Certificates
Mark E. Schoneman wrote:
>
> I'm aware I'm trying to cheat abit here, but here's the problem.
> I'm trying to verify certificates via API rather than reading from files.
> I have the CA cert in CAx509 and the cert to verify in x509
> I use X509_STORE_add_cert it load the CA's cert in the store, thinking
> that if finds it there first, It won't try call any X509_LOOKUP functions.
> Here's what I'm trying to do and any pointers would help. TIA
>
> Mark S.
>
> X509 *CAx509
> X509 *x509
>
> ERR_load_crypto_strings();
>
> SSLeay_add_all_algorithms();
>
>
> ctx = X509_STORE_new();
>
> status = X509_STORE_set_default_paths(ctx);
> printf("Status %d\n", status); status = 1
>
> status = X509_STORE_add_cert(ctx, CAx509);
> printf("Status %d\n", status); status = 1
>
> X509_STORE_CTX_init(&csc, ctx, x509, NULL);
> status = X509_verify_cert(&csc);
>
> if(status) printf("Status %d\n", status);
> else {
> printf("Status%d\n", status); status = 0
> ERR_print_errors_fp(stderr); No error messages
> exit (1);
> }
>
ERR_print_errors_fp() wont work with certificate verify. Have a look at
the verify callback and stuff in apps/verify.c and the see what error
you get.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]