RE: -verify option for s_client

Sun, 14 Jan 2001 07:49:15 -0800 

Hi, i didn't try to verify the depth by the openssl commandes but by some
code, i'm given it to ya if u r interested and if this could help ya!
the variable preverify_ok is set to 1, this assumes that i'll verify for a
depth equals to 1.

***************************************************
int verify_callback(int preverify_ok, X509_STORE_CTX *ct)


    X509   *err_cert;
    int     err, depth;

    err_cert = X509_STORE_CTX_get_current_cert(ct);
    err = X509_STORE_CTX_get_error(ct);
    depth = X509_STORE_CTX_get_error_depth(ct);

    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 4096);
    if (depth > verify_depth)

        preverify_ok = 0;
        err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
        X509_STORE_CTX_set_error(ct, err);
    }
    if (!preverify_ok)

        sprintf(message, "verify_callback: depth %d: Error: num=%d: %s:
subjet=%s", depth, err,  X509_verify_cert_error_string(err),                buf);
        trace_stderr(message);
    }

    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))

      X509_NAME_oneline(X509_get_issuer_name(ct->current_cert), buf, 4096);
      sprintf(message,"verify_callback: issuer=%s", buf);
      trace_stderr(message);
    }

    if (preverify_ok)  {
        if (depth == 0) {
                trace_stderr("verify_callback: authentification succeed");
        }
    }
    return preverify_ok;
 }
***************************************************

-----Message d'origine-----
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Auteria Wally
Winzer Jr.
Envoyé : vendredi 12 janvier 2001 23:19
À : [EMAIL PROTECTED]
Objet : -verify option for s_client


Can someone provide an example of the -verify depth option
for s_client.  I'm trying to verify the cert/key and don't know
what arg for the depth to use.  This is what I have so far:

openssl s_client -connect localhost:993 -verify <what to use?>

Thanks.

- Wally Winzer Jr.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to