Re: verify certificate in c

2010-07-05 Thread Michael S. Zick
On Sun July 4 2010, Jeremy Farrell wrote:
> > From: Behalf Of Michael S. Zick
> > Sent: Saturday, July 03, 2010 6:51 PM
> > 
> > On Sat July 3 2010, Dr. Stephen Henson wrote:
> > > On Sat, Jul 03, 2010, belo wrote:
> > > > 
> > > > Damn!
> > > > how can it be possible that in the official openssl 
> > > > documentation there's
> > > > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> > > 
> > > http://www.openssl.org/support/faq.html#PROG8
> > 
> > The OP does have a point -
> > That faq says: "see the openssl manual" -
> 
> Not that I can see. 
> The destination of that link refers to OpenSSL_add_all_algorithms 
> and immediately afterwards says "See the manual page for more information".  
>

Exactly my point.  Glad you were able to spot it immediately.

Try this as a substitute:

The cause is forgetting to load OpenSSL's table of algorithms.
See the manual page on OpenSSL_add_all_algorithms() for more information.

Keeping the hypertext link under OpenSSL_add_all_algorithms of course.

Your choice on what to do about that third sentence of the section.

Mike
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: verify certificate in c

2010-07-04 Thread Jeremy Farrell
> From: Behalf Of Michael S. Zick
> Sent: Saturday, July 03, 2010 6:51 PM
> 
> On Sat July 3 2010, Dr. Stephen Henson wrote:
> > On Sat, Jul 03, 2010, belo wrote:
> > > 
> > > Damn!
> > > how can it be possible that in the official openssl 
> > > documentation there's
> > > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> > 
> > http://www.openssl.org/support/faq.html#PROG8
> 
> The OP does have a point -
> That faq says: "see the openssl manual" -

Not that I can see. The destination of that link refers to 
OpenSSL_add_all_algorithms and immediately afterwards says "See the manual page 
for more information".

> I just typed in: man openssl
> 
> and there is no mention of OpenSSL_add_all_algorithms.

Not surprising, but what might lead you to do that? If I'm advised to look at 
the manual page for OpenSSL_add_all_algorithms, and I want to use the man 
command to do it, I type:

   man OpenSSL_add_all_algorithms

If I'm on the web as in this case I'd either click on the hyperlink given in 
the FAQ answer, or use Google:

   http://lmgtfy.com/?q=OpenSSL_add_all_algorithms

> How about a faq#8.5 ? -
> By "openssl manual" we mean here: _ _ _ _

Perhaps "the thing linked to by the link adjacent to the reference to the 
manual"? Though since the phrase "openssl manual" doesn't occur on the FAQ 
page, it's moot.

> Note: In case this has changed with openssl versions -
> I am looking at 0.9.8g which is the version currently
> provided by the Debian/Stable (Lenny) distribution.

The man page is there with
0.9.8a.


Re: verify certificate in c

2010-07-03 Thread Michael S. Zick
On Sat July 3 2010, Dr. Stephen Henson wrote:
> On Sat, Jul 03, 2010, belo wrote:
> 
> > 
> > Damn!
> > how can it be possible that in the official openssl documentation there's
> > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> > 
> 
> http://www.openssl.org/support/faq.html#PROG8
> 

The OP does have a point -
That faq says: "see the openssl manual" -

I just typed in: man openssl

and there is no mention of OpenSSL_add_all_algorithms.

How about a faq#8.5 ? -
By "openssl manual" we mean here: _ _ _ _

Note: In case this has changed with openssl versions -
I am looking at 0.9.8g which is the version currently
provided by the Debian/Stable (Lenny) distribution.

Mike
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org


Re: verify certificate in c

2010-07-03 Thread Dr. Stephen Henson
On Sat, Jul 03, 2010, belo wrote:

> 
> Damn!
> how can it be possible that in the official openssl documentation there's
> nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> 

http://www.openssl.org/support/faq.html#PROG8

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: verify certificate in c

2010-07-03 Thread belo

Damn!
how can it be possible that in the official openssl documentation there's
nothing about this OpenSSL_add_all_algorithms()?!?!?!?

that documentation sucks a lot!

anyway thanks :)

-- 
View this message in context: 
http://old.nabble.com/verify-certificate-in-c-tp29043989p29063450.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: verify certificate in c

2010-07-03 Thread Mounir IDRASSI
Hi,

Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your
main and the certificate verification will be OK.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

>
> Hi, I'm a newbie user of OpenSSL.
> I want to create a simple C program that verifies a certificate chain like
> this:
> rootCA->CA-A->client
>
> I found this example on the internet that should work for two consecutive
> certificates (but it doesn't work for me); I don't know how to create the
> chain...
>
> [code]
> #include <stdio.h>
> #include <openssl/pem.h>
> #include <openssl/x509.h>
> #include <openssl/x509_vfy.h>
>
> int main(int argc,char **argv)
> {
>
> int i;
> FILE *fp;
> X509 * cert;
> X509_STORE_CTX csc;
> char *strerr;
>
> fp = fopen ("ca-a-cert.pem", "r");
> cert = PEM_read_X509 (fp, NULL, NULL, NULL);
>
> X509_STORE *ctx=NULL;
> ctx=X509_STORE_new();
> X509_STORE_load_locations(ctx, "cacert.pem", "./");
>
> X509_STORE_set_default_paths(ctx);
>
> X509_STORE_CTX_init(&csc,ctx,cert,NULL);
>
> if (X509_verify_cert(&csc) != 1) {
>   strerr = (char *) X509_verify_cert_error_string(csc.error);
>   printf("Verification error: %s\n", strerr);
>   return 1;
>   }
> X509_STORE_CTX_cleanup(&csc);
>
> }
> [/code]
>
> the output is: Verification error: certificate signature failure
>
> "cacert.pem" is the certificate of the rootCA, whereas "ca-a-cert.pem" is
> the CA-A cert.
>
> the certificates are good because I verified them with the bash command: openssl
> verify -CAfile cacert.pem ca-a-cert.pem
>
> with output:
> ca-a-cert.pem: OK
>
> any suggestion?
>
> p.s. sorry for my bad English :)
> --
> View this message in context:
> http://old.nabble.com/verify-certificate-in-c-tp29043989p29043989.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>




verify certificate in c

2010-07-02 Thread belo

Hi, I'm a newbie user of OpenSSL.
I want to create a simple C program that verifies a certificate chain like
this:
rootCA->CA-A->client

I found this example on the internet that should work for two consecutive
certificates (but it doesn't work for me); I don't know how to create the
chain...

[code]
#include <stdio.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

int main(int argc,char **argv)
{

int i;
FILE *fp;
X509 * cert;
X509_STORE_CTX csc;
char *strerr;

fp = fopen ("ca-a-cert.pem", "r");
cert = PEM_read_X509 (fp, NULL, NULL, NULL);

X509_STORE *ctx=NULL;
ctx=X509_STORE_new();
X509_STORE_load_locations(ctx, "cacert.pem", "./");

X509_STORE_set_default_paths(ctx);

X509_STORE_CTX_init(&csc,ctx,cert,NULL);

if (X509_verify_cert(&csc) != 1) {
  strerr = (char *) X509_verify_cert_error_string(csc.error);
  printf("Verification error: %s\n", strerr);
  return 1;
  }
X509_STORE_CTX_cleanup(&csc);

}
[/code]

the output is: Verification error: certificate signature failure

"cacert.pem" is the certificate of the rootCA, whereas "ca-a-cert.pem" is
the CA-A cert.

the certificates are good because I verified them with the bash command: openssl
verify -CAfile cacert.pem ca-a-cert.pem

with output:
ca-a-cert.pem: OK

any suggestion?

p.s. sorry for my bad English :)
-- 
View this message in context: 
http://old.nabble.com/verify-certificate-in-c-tp29043989p29043989.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.