RE: Verifying Certificates

Thu, 9 Mar 2000 08:36:54 -0800 

Bingo. Thanks

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
Sent: Wednesday, March 08, 2000 5:47 PM
To: [EMAIL PROTECTED]
Subject: Re: Verifying Certificates


Mark E. Schoneman wrote:
>
> I'm aware I'm trying to cheat abit here, but here's the problem.
> I'm trying to verify certificates via API rather than reading from files.
> I have the CA cert in CAx509 and the cert to verify in x509
> I use X509_STORE_add_cert it load the CA's cert in the store, thinking
> that if finds it there first, It won't try call any X509_LOOKUP functions.
> Here's what I'm trying to do and any pointers would help. TIA
>
>                                                         Mark S.
>
>   X509 *CAx509
>   X509 *x509
>
>   ERR_load_crypto_strings();
>
>   SSLeay_add_all_algorithms();
>
>
>   ctx = X509_STORE_new();
>
>   status = X509_STORE_set_default_paths(ctx);
>   printf("Status %d\n", status);              status = 1
>
>   status = X509_STORE_add_cert(ctx, CAx509);
>   printf("Status %d\n", status);                    status = 1
>
>   X509_STORE_CTX_init(&csc, ctx, x509, NULL);
>   status = X509_verify_cert(&csc);
>
>  if(status) printf("Status %d\n", status);
>   else {
>         printf("Status%d\n", status);    status = 0
>         ERR_print_errors_fp(stderr);       No error messages
>         exit (1);
>   }
>

ERR_print_errors_fp() wont work with certificate verify. Have a look at
the verify callback and stuff in apps/verify.c and the see what error
you get.

Steve.
--
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to