Hi,

Thus wrote Plot Lost (plot.l...@gmail.com):

> > Stick them in an X509_STORE_CTX and call X509_verify_cert(). See
> > apps/verify.c for an example.

> I'm using verify_cert, and whilst that works to allow me to check that
> inter_cert is ok according to root_cert (result = 1) I can't check
> that server_cert is ok according to inter_cert (that gets result =0,
> error 'unable to get issuer certificate')

> For this particular project I'm required to check each step
> individually, not the entire chain at once.

> How can I get verify_cert to say that the server cert is ok according
> to the inter cert, regardless of any other cert that may be needed to
> complete the chain. (The code will then go on to check inter against
> root, or against another inter etc as needed assuming each step is
> completed ok)

You could define a callback function for the verification by using

X509_STORE_set_verify_cb_func(store, myCallback);

myCallback has the following parameters

int myCallback(int ok, X509_STORE_CTX *ctx)

When you call X509_verify_cert(), OpenSSL will call your callback
function after each verification step.

Inside the callback function, you can call

X509_STORE_CTX_get_current_cert(ctx)

to get the certificate that's currently being verified; the ok parameter
will give you OpenSSL's verification status.

Maybe this helps,

   Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
