> On May 3, 2018, at 3:06 AM, Anil kumar Reddy <morthalaanilre...@gmail.com>
> wrote:
>
> The issue is:
> I am unable to find out the exact command lines or c/c++ program functions to
> prove the SignedCertificate.pem is signed or not. I have spent more than one
> day on researching, but I am end up with confusion. I do not have any digital
> certificate chain.
To verify the signature on a single certificate using a known issuer
public key you call:
X509_verify(X509 *cert, EVP_PKEY *pkey)
with return values <= 0 indicating failure. To verify a certificate
chain against a set of trust anchors you call:
X509_verify_cert(X509_STORE_CTX *ctx)
where "ctx" is populated with the certificate chain, trust anchors,
CRLs, verification parameters, including some types of subject names
to check... This is what most applications use to check that something
is signed by a trusted certificate with the right identity and purpose.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
