Hi, I am trying to perform certification verification for a self-signed CA certificate as well as another certificate signed by this CA. The problem is that the verification always fails.
Here is what I do: /* Convert the DER encoded certificate into an X509 structure used by SSL. */ x509_manufCert = d2i_X509_fp(manufCert, &(x509_manufCert)); /* Get the public key information from the certificate.*/ pubKey = X509_get_pubkey(x509Cert); status = X509_verify(x509fCert, pubKey); The return status is always -1. I attempted to convert the pubKey into its DER format to compare it with the original one in the DER certificate using the following: len = i2d_PUBKEY(&(PS_Infos->m_manufPublicKey),&(tmp)) and I found that the final DER publickey has a length of 162 (i.e. 34 bytes where appended to the original key) The twisted version of the public causes verification of certificates to fail. I will appreciate it if any one can explain why the DER public key is different from the original DER key in certificate. Thanks in Advance, Hanem Eladly ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]