I am probably making a silly mistake but I've been stuck on it for quite
a long time. Please help me to get out of my predicament. This is what
I'm doing:
BIO *bstdout;
X509 *x, *ca;
X509_STORE *store;
X509_STORE_CTX ctx;
bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
/* load & show CA cert */
if (ca = load_cert(bstdout, "ca.pem", str2fmt("PEM"))) {
X509_print(bstdout, ca);
if (x = load_cert(bstdout, "cart.pem", str2fmt("PEM))) {
X509_print(bstdout, x);
store = X509_STORE_new();
X509_STORE_set_default_paths(store);
X509_STORE_add_cert(store, ca);
X509_STORE_CTX_init(&ctx, store, x, NULL);
if (X509_verify(&ctx))
printf("OK\n");
else
printf("Nope\n");
}
}
Although the cert loaded in x was issued by the CA whose cert is in ca
(openssl 0.9.5), I'm still getting "Nope". I must be misunderstanding
something, but what is it? TIA,
-a
--
Aaron Stromas | "Tick-tick-tick!!!... ja, Pantani is weg..."
Oracle Corp | BRTN commentator
+1 703.708.68.21 | L'Alpe d'Huez
1995 Tour de France
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
