Hi,
What I do is to generate a certificate and verify it,
below is some source code:
**----------------------------------------------------------**
/** generate a certificate: X509 *cert **/
.....
/** sign cert using CACert's private key **/
if (X509_sign(cert, ca_priv_key, digest) == 0)
{
goto RER;
}
printf("successful sign\n");
/** read CACert to X509 *CA_Cert **/
if (load_ca_cert(CA_Cert_File_Name, &CA_Cert) != PKI_OK)
{
goto RER;
}
/** verify cert **/
store = X509_STORE_new ();
X509_STORE_set_default_paths (store);
X509_STORE_add_cert(store,CA_Cert);
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0)
{
i = X509_STORE_CTX_get_error (&store_ctx);
pki_log(FAIL, __FILE__, __LINE__, NULL, \
" X509_verify_cert failed ,error-code=%d",i);
goto RER;
}
printf("VERIFY SUCCESSED!");
**----------------------------------------------------------------**
The result is sign succeeded and verify failed.
The error code is 7: X509_V_ERR_CERT_SIGNATURE_FAILURE
Why I get this error? Any hint will be appreciated.
----------------------------------------------
欢迎使用 21CN 电子邮件系统http://www.21cn.com
Thank you for using 21CN Email system
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
