Shlomi wrote: > > Hi All, > > I am trying to verify the signature of a certificate using the routine >X509_verify_cert() but without success: > When it tries to verify th root certificate it stop with error #7 (certificate >signature failure). > I hope someone can help... > > Some details about my check routine: > Following are my check routine, callback routine and the callback log text, attached >are my user certificate + CA root certificate. > I don't know if it help but when I tried to verify a certificate which was signed by >my own root CA (which were generated by openssl) - The same problem occured. >
Read the FAQ re: OpenSSL_add_all_algorithms(). Also, don't set X509_V_FLAG_CB_ISSUER_CHECK: its for debugging. Your callback is ignoring sevral errors. The example verify programs for OpenSSL use callbacks which ignore many errors for testing purposes, but they are somwhat dangerous for real applications. Most of the time you don't need a callback at all. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
