Well, here is how it used to be done in SSLeay 0.6.6.

I'm not sure whether this process has changed much in the newer versions.
===========================================================
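/**
 * Verify this object's certificate (X509CertificateData) against a single
 * CA certificate using the SSLeay 0.6.6 CERTIFICATE_CTX interface.
 *
 * The function fails closed: a missing CA certificate, a missing subject
 * certificate, a failed context allocation or a failed X509_dup() all
 * yield false without calling the verifier.
 *
 * Earlier revisions signalled setup failure with `throw FALSE` and caught
 * it with `catch (bool)`. If FALSE is an integer macro, that handler never
 * matches, the exception escapes and the context leaks. Setup failures are
 * therefore handled with plain control flow here.
 *
 * @param X509CACertificate CA certificate to verify against. It is
 *                          duplicated; the caller's object is not stored.
 * @return true if X509_cert_verify() returned a non-zero value, false
 *         otherwise or on any setup failure.
 */
bool CertificateX509V1::verifyCertificate(X509* X509CACertificate) const
{
    // No trust anchor, or nothing to verify: reject before allocating.
    if (X509CACertificate == NULL || X509CertificateData == NULL)
    {
        return false;
    }

    CERTIFICATE_CTX* cert_ctx = CERTIFICATE_CTX_new();
    if (cert_ctx == NULL)
    {
        return false;
    }

    bool retVal = false;

    // The context gets its own copy of the CA certificate.
    X509* CACertAsX509Structure = X509_dup(X509CACertificate);
    if (CACertAsX509Structure != NULL)
    {
        // NOTE(review): the result of X509_add_cert() is still not acted
        // on, because its return convention is not visible here. If the
        // add can fail, verification runs against a context without the
        // CA, and the duplicate may not be owned by the context (leak).
        // Confirm the convention, then reject on failure.
        long loadedCert = X509_add_cert(cert_ctx, CACertAsX509Structure);
        (void)loadedCert;

        // NOTE(review): any non-zero result counts as success, as in the
        // original int-to-bool assignment. If X509_cert_verify() or the
        // callback `cb` (defined outside this block) can return a negative
        // error code, that would be accepted as "verified". Confirm the
        // convention and compare against the exact success value.
        retVal = X509_cert_verify(cert_ctx,
                                  X509CertificateData,
                                  (int (*)())cb,
                                  NULL, NULL) != 0;
    }

    // Per the original author's note, freeing the context also frees the
    // certificate that was added to it, so no separate X509_free() here.
    CERTIFICATE_CTX_free(cert_ctx);

    return retVal;

} // verifyCertificate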


On Wednesday, May 20, 1998 8:42 PM, member U-0176 [SMTP:[EMAIL PROTECTED]] wrote:
> Hi,
> I've made SSL client and server application using SSLeay 0.9.0
> I can get the Cert of each one using SSL_get_peer_certificate, but I
> don't know how to verify certs. I know where are kept the CA, and I know
> the certs are OK.
>       I still did not find what functions to call for verifying certs. I
> thought I need to use SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
> and
> SSL_get_verify_result(ssl)
> But then it always return NULL.
> 
> Is there something I should do ?
> 
>       Thanks.
> 
>                       Eric DESBARBIEUX