Well, I just added this : SSL_get_verify_result( ssl );
And with the result being one of the return codes listed here : http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS Looks like I've answered myself :) On Fri, 2005-01-21 at 14:04 +0900, Naoki wrote: > Hi all, > > I'm writing a little code snippet to just check the validity of a > certificate ( and the entire chain preferably ). Whilst using the > example code it's easy enough to make the connection and setup a session > but being a newbie I'm not clear on what/how I should verify the certs. > > So far. > SSL_get_peer_cert_chain(ssl); > server_cert = SSL_get_peer_certificate (ssl); > CHK_NULL(server_cert); > cert_name = X509_NAME_oneline (X509_get_subject_name > (server_cert),0,0); > CHK_NULL(cert_name); > cert_issuer = X509_NAME_oneline (X509_get_issuer_name > (server_cert),0,0); > CHK_NULL(cert_issuer); > > -> Needs verification here. > > Searching google shows plenty on how to use "openssl -verify" which > doesn't really help. > > While I start to dig further into the openssl code and try to pull out > bits from the '-verifiy' functionality does anybody have any simple code > for cert verification ? > > > Cheers. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] Mark "Naoki" Rogers ---------------------------------------- Vice President - Systems and Engineering ValueCommerce ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]