Hi, is there any simple way to do SSL certificate chain validation using M2Crypto or any other library?

Basically, what I want to achieve is to be able to say whether the certificate chain contained in the 'XYZ.pem' file is issued by a known CA (the list of common root CA certs should be loaded from a separate directory). Right now I do it by spawning the command 'openssl verify -CApath <ca_certs_path> XYZ.pem' and it works. However, I think that there must be a simpler way.

I've spent the last few hours trying to go through the M2Crypto sources and API "documentation", but the only possible way that I've found is spawning a separate server thread listening on some port and connecting to it just to verify whether the cert chain is valid, but going this way is at least not right.

The other approach which I've tried is using the low-level function m2.X509_verify(), but it does not work as I expect. It returns 0 (which means valid) even if the CA certificate is not known.

Any suggestions / tips?

thanks,
Marek Skrobacki
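Added example, not part of the original post: a Python wrapper around the 'openssl verify -CApath' call described above. `openssl verify` checks only the first certificate in a file, so the wrapper splits the bundle and passes the remaining certificates with `-untrusted`. The function names are hypothetical and the leaf certificate is assumed to come first in the file.

```python
import re
import subprocess
import tempfile
from pathlib import Path

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
ERROR_LINE = re.compile(r"error \d+ at \d+ depth lookup")


def split_chain(pem_text):
    """Split a PEM bundle into (leaf, [intermediates]); leaf is assumed first."""
    certs = PEM_CERT.findall(pem_text)
    if not certs:
        raise ValueError("no PEM certificate found")
    return certs[0], certs[1:]


def build_command(ca_path, leaf_file, untrusted_file=None):
    """Argument list for 'openssl verify'; no shell, so paths are not parsed."""
    cmd = ["openssl", "verify", "-CApath", str(ca_path)]
    if untrusted_file is not None:
        # Intermediates help build the path but are never trust anchors.
        cmd += ["-untrusted", str(untrusted_file)]
    return cmd + [str(leaf_file)]


def is_verified(returncode, output, leaf_file):
    """Require exit 0, the '<file>: OK' line, and no per-depth error line."""
    lines = [line.strip() for line in output.splitlines()]
    if any(ERROR_LINE.match(line) for line in lines):
        return False
    return returncode == 0 and f"{leaf_file}: OK" in lines


def verify_chain(pem_file, ca_path):
    """True if the first cert in pem_file chains to a CA in ca_path.

    ca_path must hold hash-named links (created by c_rehash / 'openssl rehash').
    """
    leaf, intermediates = split_chain(Path(pem_file).read_text())
    with tempfile.TemporaryDirectory() as tmp:
        leaf_file = Path(tmp, "leaf.pem")
        leaf_file.write_text(leaf + "\n")
        untrusted = None
        if intermediates:
            untrusted = Path(tmp, "untrusted.pem")
            untrusted.write_text("\n".join(intermediates) + "\n")
        cmd = build_command(ca_path, leaf_file, untrusted)
        proc = subprocess.run(cmd, capture_output=True, text=True)
        return is_verified(proc.returncode, proc.stdout + proc.stderr, leaf_file)
```

Call it as `verify_chain("XYZ.pem", ca_certs_path)`; a result of `False` covers both an untrusted chain and any error line printed by `openssl`.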