Re: verify certificate in c
On Sun July 4 2010, Jeremy Farrell wrote:
> > From: Behalf Of Michael S. Zick
> > Sent: Saturday, July 03, 2010 6:51 PM
> >
> > On Sat July 3 2010, Dr. Stephen Henson wrote:
> > > On Sat, Jul 03, 2010, belo wrote:
> > > >
> > > > Damn!
> > > > how can it be possible that in the official openssl
> > > > documentation there's
> > > > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> > >
> > > http://www.openssl.org/support/faq.html#PROG8
> >
> > The OP does have a point -
> > That faq says: "see the openssl manual" -
>
> Not that I can see.
> The destination of that link refers to OpenSSL_add_all_algorithms
> and immediately afterwards says "See the manual page for more information".
>

Exactly my point.
Glad you were able to spot it immediately.

Try this as a substitute:

The cause is forgetting to load OpenSSL's table of algorithms.
See the manual page on OpenSSL_add_all_algorithms() for more information.

Keeping the hypertext link under OpenSSL_add_all_algorithms of course.
Your choice on what to do about that third sentence of the section.

Mike
__
OpenSSL Project                        http://www.openssl.org
User Support Mailing List              openssl-users@openssl.org
Automated List Manager                 majord...@openssl.org
RE: verify certificate in c
> From: Behalf Of Michael S. Zick
> Sent: Saturday, July 03, 2010 6:51 PM
>
> On Sat July 3 2010, Dr. Stephen Henson wrote:
> > On Sat, Jul 03, 2010, belo wrote:
> > >
> > > Damn!
> > > how can it be possible that in the official openssl
> > > documentation there's
> > > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> >
> > http://www.openssl.org/support/faq.html#PROG8
>
> The OP does have a point -
> That faq says: "see the openssl manual" -

Not that I can see. The destination of that link refers to OpenSSL_add_all_algorithms and immediately afterwards says "See the manual page for more information".

> I just typed in: man openssl
>
> and there is no mention of OpenSSL_add_all_algorithms.

Not surprising, but what might lead you to do that? If I'm advised to look at the manual page for OpenSSL_add_all_algorithms, and I want to use the man command to do it, I type:

man OpenSSL_add_all_algorithms

If I'm on the web as in this case I'd either click on the hyperlink given in the FAQ answer, or use Google:

http://lmgtfy.com/?q=OpenSSL_add_all_algorithms

> How about a faq#8.5 ? -
> By "openssl manual" we mean here: _ _ _ _

Perhaps "the thing linked to by the link adjacent to the reference to the manual"? Though since the phrase "openssl manual" doesn't occur on the FAQ page, it's moot.

> Note: In case this has changed with openssl versions -
> I am looking at 0.9.8g which is the version currently
> provided by the Debian/Stable (Lenny) distribution.

The man page is there with 0.9.8a.
Re: verify certificate in c
On Sat July 3 2010, Dr. Stephen Henson wrote:
> On Sat, Jul 03, 2010, belo wrote:
> >
> > Damn!
> > how can it be possible that in the official openssl documentation there's
> > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> >
>
> http://www.openssl.org/support/faq.html#PROG8
>

The OP does have a point -
That faq says: "see the openssl manual" -

I just typed in: man openssl

and there is no mention of OpenSSL_add_all_algorithms.

How about a faq#8.5 ? -
By "openssl manual" we mean here: _ _ _ _

Note: In case this has changed with openssl versions -
I am looking at 0.9.8g which is the version currently
provided by the Debian/Stable (Lenny) distribution.

Mike

> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: verify certificate in c
On Sat, Jul 03, 2010, belo wrote:
>
> Damn!
> how can it be possible that in the official openssl documentation there's
> nothing about this OpenSSL_add_all_algorithms()?!?!?!?
>

http://www.openssl.org/support/faq.html#PROG8

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: verify certificate in c
Damn!
how can it be possible that in the official openssl documentation there's
nothing about this OpenSSL_add_all_algorithms()?!?!?!?

that documentation sucks a lot!

anyway thanks :)
--
View this message in context: http://old.nabble.com/verify-certificate-in-c-tp29043989p29063450.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: verify certificate in c
Hi,

Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your main and the certificate verification will be OK.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

>
> Hi, I'm a newbie user of OpenSSL.
> I want to create a simple C program that verifies a certificate chain like
> this:
> rootCA->CA-A->client
>
> I found this example on the internet that should work for two consecutive
> certificates (but it doesn't work for me); I don't know how to create the
> chain...
>
> [code]
> #include <stdio.h>
> #include <openssl/x509.h>
> #include <openssl/x509_vfy.h>
> #include <openssl/pem.h>
> #include <openssl/err.h>
>
> int main(int argc,char **argv)
> {
>
>     int i;
>     FILE *fp;
>     X509 * cert;
>     X509_STORE_CTX csc;
>     char *strerr;
>
>     /* certificate to verify (CA-A) */
>     fp = fopen ("ca-a-cert.pem", "r");
>     cert = PEM_read_X509 (fp, NULL, NULL, NULL);
>
>     /* trust store holding the rootCA certificate */
>     X509_STORE *ctx=NULL;
>     ctx=X509_STORE_new();
>     X509_STORE_load_locations(ctx, "cacert.pem", "./");
>
>     X509_STORE_set_default_paths(ctx);
>
>     X509_STORE_CTX_init(&csc,ctx,cert,NULL);
>
>     if (X509_verify_cert(&csc) != 1) {
>         strerr = (char *) X509_verify_cert_error_string(csc.error);
>         printf("Verification error: %s\n", strerr);
>         return 1;
>     }
>     X509_STORE_CTX_cleanup(&csc);
>
> }
> [/code]
>
> the output is: Verification error: certificate signature failure
>
> "cacert.pem" is the certificate of the rootCA, whereas "ca-a-cert.pem" is
> the CA-A cert.
>
> the certificates are good because I verified them with the bash command: openssl
> verify -CAfile cacert.pem ca-a-cert.pem
>
> with output:
> ca-a-cert.pem: OK
>
> any suggestion?
>
> p.s. sorry for my bad English :)
verify certificate in c
Hi, I'm a newbie user of OpenSSL.
I want to create a simple C program that verifies a certificate chain like
this:
rootCA->CA-A->client

I found this example on the internet that should work for two consecutive
certificates (but it doesn't work for me); I don't know how to create the
chain...

[code]
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/pem.h>
#include <openssl/err.h>

int main(int argc,char **argv)
{

    int i;
    FILE *fp;
    X509 * cert;
    X509_STORE_CTX csc;
    char *strerr;

    /* certificate to verify (CA-A) */
    fp = fopen ("ca-a-cert.pem", "r");
    cert = PEM_read_X509 (fp, NULL, NULL, NULL);

    /* trust store holding the rootCA certificate */
    X509_STORE *ctx=NULL;
    ctx=X509_STORE_new();
    X509_STORE_load_locations(ctx, "cacert.pem", "./");

    X509_STORE_set_default_paths(ctx);

    X509_STORE_CTX_init(&csc,ctx,cert,NULL);

    if (X509_verify_cert(&csc) != 1) {
        strerr = (char *) X509_verify_cert_error_string(csc.error);
        printf("Verification error: %s\n", strerr);
        return 1;
    }
    X509_STORE_CTX_cleanup(&csc);

}
[/code]

the output is: Verification error: certificate signature failure

"cacert.pem" is the certificate of the rootCA, whereas "ca-a-cert.pem" is
the CA-A cert.

the certificates are good because I verified them with the bash command: openssl
verify -CAfile cacert.pem ca-a-cert.pem

with output:
ca-a-cert.pem: OK

any suggestion?

p.s. sorry for my bad English :)