On May 13, 2008 08:42:13 am Roger No-Spam wrote: > Hello, > > I need to create a certificate chain. The inputs are my own certificate, a > list of root certificates, a list of intermediate certificates and the > distinguished name of the root CA the peer trusts. The certificate chain I > need to create shall start with my own cert, and end with the root CA the > peer trusts. Are there any utility functions in openssl that do this? > > When browsing through the code and header files I found that X509_STORE and > X509_STORE_CTX seem to do similar things to what I am searching for. > However, I have not been able to find any documentation for these > functions. Is there any documentation available somewhere that I have > missed? > If you are building and validating certificate chains, you may want to take a look at Pathfinder (http://pathfinder-pki.googlecode.com). Remember, there are LOTS of rules for validating certificates, and just checking that there is a signature path between two certs is insufficient in most cases, if you want to have real trust.
Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
