Any help from someone ?
:-)
Flt
Il giorno mer, 30/07/2008 alle 23.57 +0200, Francesco la Torre ha
scritto:
> Dear all,
> I'm new in openssl api and I'm trying to write e simple application to
> verify an x509 certificate but I'm facing with some strange problem.
>
> Here there is a snapshot of my code to use to replicate my scenario :
>
> #include<stdio.h>
> #include<stdlib.h>
> #include<string.h>
> #include <openssl/pem.h>
> #include <openssl/err.h>
> #include <openssl/sha.h>
> #include <openssl/ssl.h>
>
> const char root_cert_data[] =
> "-----BEGIN CERTIFICATE-----\n\
> MIIDQjCCAqugAwIBAg ... Rinw==\n\
> -----END CERTIFICATE-----\n";
>
> int main(int argc, char **argv){
>
> FILE *fp;
> X509 *root_cert;
>
> X509_STORE *CAcerts;
> X509 * cert;
>
> X509_STORE_CTX ca_ctx;
> char *strerr;
> BIO *bio;
>
> STACK_OF(X509) *trusted_chain;
>
> trusted_chain = sk_X509_new_null();
>
> if (!(bio = BIO_new_mem_buf((void *) root_cert_data, -1))) {
> printf("BIO_new_mem_buf\n");
> exit(1);
> }
> BIO_set_close(bio, BIO_NOCLOSE);
> if (!(root_cert = PEM_read_bio_X509(bio, 0, 0, 0))) {
> printf("PEM_read_bio_X509 (root)\n");
> ERR_print_errors_fp(stdout);
> exit(1);
> }
>
> sk_X509_push(trusted_chain, root_cert);
> /* load CA cert store */
> if (!(CAcerts = X509_STORE_new())) {
> printf ("\nError1\n");
> }
>
> if (X509_STORE_load_locations(CAcerts,
> "/home/frank/test/test-CA/calist.pem" , NULL ) != 1) {
> printf ("\nError2\n");
> }
> if (X509_STORE_set_default_paths(CAcerts) != 1) {
> printf ("\nError3\n");
> }
>
> /* load X509 certificate */
> if (!(fp = fopen ("cert.pem", "r"))){
> printf ("\nError4\n");
> }
> if (!(cert = PEM_read_X509 (fp, NULL, NULL, NULL))){
> printf ("\nError5\n");
> }
>
> /* verify */
> if (X509_STORE_CTX_init(&ca_ctx, CAcerts, cert, trusted_chain) != 1)
> {
> printf ("\nError6\n");
> }
>
> X509_STORE_CTX_trusted_stack(&ca_ctx, trusted_chain);
>
> if (X509_verify_cert(&ca_ctx) != 1) {
> strerr = (char *) X509_verify_cert_error_string(ca_ctx.error);
> printf("Verification error: %s", strerr);
> }
>
> X509_STORE_free(CAcerts);
> X509_free(cert);
>
> return 0;
> }
>
> obviously root_cert_data[] and cert.pem have to be replaced with your
> certs.
> Compilated as
>
> gcc -Wall x509.c -o x509 -lssl -lcrypto
>
> after execution I receive this error :
>
> Verification error: certificate signature failure
>
> Even if I try to verify my certificate by mean command line tool
>
> openssl verify -CAfile /home/frank/test/test-CA/calist.pem cert.pem
>
> The output is :
>
> cert.pem: OK
>
> Does anybody know where is the problem ?
>
> Thanks in advance,
> Francesco la Torre
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [email protected]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
