Found the problem...
The x509 pointer should not be free since the ssl_ctx will continue to
use it.
Thanks Liz
Liz Voss wrote:
Hello,
I need to implement new requirement to verify private certificate
before it is used for SSL/TLS connection.
Basically I should not use certificate that is expired or revoked. I
am working with OpenSSL 0.9.8i.
I made function similar to what we are using to verify peer
certificate but I am experiencing crashes in X509_verify_cert function.
I wonder if anybody is verifying private certificate used for SSL/TLS
connection?
Any tip would be greatly appreciated.
Liz
I prepared ssl_ctx by loading CA, CRL, ciphers and private certificate.
He is code fragment showing the major steps.
SSL *ssl;
X509 *x509 = NULL;
X509_STORE_CTX *ctx;
X509_STORE *cert_store = NULL;
ssl = SSL_new(ssl_ctx);
x509 = SSL_get_certificate (ssl); /* x509 =
SSL_get_peer_certificate (ssl); */
cert_store = SSL_CTX_get_cert_store(ssl_ctx);
X509_STORE_set_verify_cb_func(cert_store, _verifyCertificateCallback);
ctx = X509_STORE_CTX_new();
X509_STORE_CTX_init(ctx, cert_store, x509, NULL);
X509_verify_cert(ctx);
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
