I've been trying to follow the examples in "Network Security with OpenSSL". But I just don't get it. I know, I'm an idiot. Can somebody point me in the right direction with the appropriate API's to use for doing the following:
I have a digital signature that I want to verify. As part of my verification, I want to
1. get the certificate information from the signature. I want to know who created the signature (so I want to look at the cert that was used to create the signature). I also want to know the the root CA who signed this cert.
2. how do I get an X509* to these certs?
3. how do I verify that the root cert is that of a specific CA. For this, can I simply compare the public key in this root cert with the public key that is known for the CA of interest. Is that enough to determine identity of the root cert? Nobody else can create a self signed cert with the same public key can they?
Does this make any sense? I'm not sure if I'm explaining myself correctly, so this may seem like jibberish. If so, please let me know. And thanks for any help you can give.
Thanks,
Ed
