>> Hi, I'm trying to figure out how to check a certificate is valid >> according to a chain of certificates. >> >> There are 3 certs in all, and they are all held as X509 data in memory, e.g. >> >> X509 *server_cert; >> X509 *inter_cert; >> X509 *root_cert; >> >> How can I check that 'server_cert' is authenticated by 'inter_cert', >> and that in turn is authenticated by 'root_cert' ? > > Stick them in an X509_STORE_CTX and call X509_verify_cert(). See > apps/verify.c for an example. >
I'm using verify_cert, and whilst that works to allow me to check that inter_cert is ok according to root_cert (result = 1) I can't check that server_cert is ok according to inter_cert (that gets result =0, error 'unable to get issuer certificate') For this particular project I'm required to check each step individually, not the entire chain at once. How can I get verify_cert to say that the server cert is ok according to the inter cert, regardless of any other cert that may be needed to complete the chain. (The code will then go on to check inter against root, or against another inter etc as needed asuming each step is completed ok) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
