Hi all,

I have two issues when I am trying to verify the certificates from an SSL
connection. In particular I have difficulties in understanding how to:
- Add a set of certificates that are to be trusted (trust anchors)
- Add a set of certificates that might be needed to build the chain
     (not trust anchors)
- Accept a chain of certificates where a self-signed cert is present
     without that error being the only one reported in the verify callback
     (i.e., are there any flags I can set to avoid the error?)

So far, from the source code, I thought that by using:

     store = SSL_CTX_get_cert_store(ctx);
     X509_STORE_add_cert (store, cert);
     ...
     ssl = SSL_new ( ctx );

I would add the cert to the trusted ones, but it does not seem to work :(
Where are the functions or the right pointers to do that without using
SSL_CTX_load_verify_locations()?


--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                   ope...@acm.org
                                                    project.mana...@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
                                                           -- Isaac Asimov



