Re: Checking certificate chain

2010-10-27 Thread Plot Lost
>> Hi, I'm trying to figure out how to check a certificate is valid
>> according to a chain of certificates.
>>
>> There are 3 certs in all, and they are all held as X509 data in memory, e.g.
>>
>> X509 *server_cert;
>> X509 *inter_cert;
>> X509 *root_cert;
>>
>> How can I check that 'server_cert' is authenticated by 'inter_cert',
>> and that in turn is authenticated by 'root_cert'?
>
> Stick them in an X509_STORE_CTX and call X509_verify_cert().  See
> apps/verify.c for an example.
>

I'm using verify_cert, and whilst that works to allow me to check that
inter_cert is ok according to root_cert (result = 1) I can't check
that server_cert is ok according to inter_cert (that gets result = 0,
error 'unable to get issuer certificate')

For this particular project I'm required to check each step
individually, not the entire chain at once.

How can I get verify_cert to say that the server cert is ok according
to the inter cert, regardless of any other cert that may be needed to
complete the chain. (The code will then go on to check inter against
root, or against another inter etc as needed assuming each step is
completed ok)
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
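
The step-by-step check asked about above can be reproduced with the `openssl verify` command (the tool built from apps/verify.c); this is an added example, not part of the original thread. It assumes an OpenSSL 1.1.0 or later command line, whose `-partial_chain` option corresponds to the `X509_V_FLAG_PARTIAL_CHAIN` verify flag (added in OpenSSL 1.0.2, after this thread). The helper names `issue`, `check_link` and `check_link_strict` and all file names are hypothetical.

```shell
#!/bin/sh
# Added example: per-link chain checks with `openssl verify`.
# Every key and certificate here is constructed throwaway test data.
dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
cat > "$dir/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF

# issue NAME SECTION [SIGNER]: write $dir/NAME.pem, self-signed when SIGNER is omitted.
issue() {
  name=$1 sect=$2 signer=${3:-}
  serial=$((serial + 1))
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ext.cnf" \
    -subj "/CN=constructed $name" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
  if [ -n "$signer" ]; then set -- -CA "$dir/$signer.pem" -CAkey "$dir/$signer.key"
  else set -- -signkey "$dir/$name.key"; fi
  openssl x509 -req -in "$dir/$name.csr" "$@" -set_serial "$serial" -days 1 \
    -extfile "$dir/ext.cnf" -extensions "$sect" -out "$dir/$name.pem" 2>/dev/null
}

# check_link CERT ISSUER: succeed only if CERT verifies with ISSUER as the
# sole trust anchor, even when ISSUER is not self-signed (one link only).
check_link() {
  openssl verify -no-CApath -partial_chain -CAfile "$dir/$2.pem" "$dir/$1.pem" >/dev/null 2>&1
}

# Same call without -partial_chain: a non-self-signed anchor is rejected,
# which is the "unable to get issuer certificate" case from the thread.
check_link_strict() {
  openssl verify -no-CApath -CAfile "$dir/$2.pem" "$dir/$1.pem" >/dev/null 2>&1
}

serial=0
issue root ca && issue inter ca root && issue server leaf inter || exit 1
for pair in "inter root" "server inter" "server root"; do
  set -- $pair
  check_link "$1" "$2" && echo "$1 issued by $2: verified" || echo "$1 issued by $2: REJECTED"
done
```

A passing link only shows that the named issuer signed the certificate; trust still depends on the last link ending at a root you trust.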


Checking certificate chain

2010-10-27 Thread Plot Lost
Hi, I'm trying to figure out how to check a certificate is valid
according to a chain of certificates.

There are 3 certs in all, and they are all held as X509 data in memory, e.g.

X509 *server_cert;
X509 *inter_cert;
X509 *root_cert;

How can I check that 'server_cert' is authenticated by 'inter_cert',
and that in turn is authenticated by 'root_cert'?

Also, can this be extended to more than one inter_cert if needed?

This is not running as a client/server, so no SSL or CTX structures
allocated, just the X509 data.

Thanks for any help on this.