On November 7, 2008 06:08:19 am Aravinda babu wrote:
> Hi all,
>
> First of all thanks for all of your suggestions and information. I got a
> clear idea of how to do the required thing.
> I forgot to mention one thing.
>
> We are making one library for certificate management which will be used by
> different applications. In that library we have one API which will verify
> the certificate given as input parameter. So I don't have any SSL context or
> SSL STORE context with me. Just application passes one certificate in X509 *
> and I have to verify that certificate. I think you got my point. My library
> doesn't have any touch with SSL session etc.......
>
> Now to verify that certificate I have to prepare a certificate chain from
> the application supplied certificate. Is it possible to do this?
>

Yes - it is - that is exactly what Pathfinder does - it just takes a certificate from the SSL and/or X509_verify callback (also works with Netscape Security Services).

As I said in my previous email, you may want to look at using that, given it is a rather difficult task, so instead of re-inventing the wheel, you may want to re-use the code that we have in Pathfinder. It is licensed under the LGPL with an OpenSSL permissive clause, so even if you want to include the code in a proprietary application, that shouldn't cause you any problems.

If you want to discuss this more, please contact me off-list.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca