Aaron Stromas wrote:
>
> I am probably making a silly mistake but I've been stuck on it for quite
> a long time. Please help me to get out of my predicament. This is what
> I'm doing:
>
> BIO *bstdout;
> X509 *x, *ca;
> X509_STORE *store;
> X509_STORE_CTX ctx;
>
> bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
> /* load & show CA cert */
> if (ca = load_cert(bstdout, "ca.pem", str2fmt("PEM"))) {
>     X509_print(bstdout, ca);
>     if (x = load_cert(bstdout, "cart.pem", str2fmt("PEM"))) {
>         X509_print(bstdout, x);
>         store = X509_STORE_new();
>         X509_STORE_set_default_paths(store);
>         X509_STORE_add_cert(store, ca);
>         X509_STORE_CTX_init(&ctx, store, x, NULL);
>         if (X509_verify(&ctx))
>             printf("OK\n");
>         else
>             printf("Nope\n");
>     }
> }
>
> Although the cert loaded in x was issued by the CA whose cert is in ca
> (openssl 0.9.5), I'm still getting "Nope". I must be misunderstanding
> something, but what is it? TIA,
>
X509_verify()? Surprised it doesn't crash, that function is just for
verifying a single certificate against a known public key, and it takes
two arguments. If you are using X509_verify() (and that isn't just a
typo) use X509_verify_cert() instead.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]