Sorry, it's a typo, of course. I'm using X509_verify_cert(&ctx). Was it
supposed to work, i.e., successfully verify?
-a
Dr S N Henson wrote:
> Aaron Stromas wrote:
> >
> > I am probably making a silly mistake but I've been stuck on it for quite
> > a long time. Please help me to get out of my predicament. This is what
> > I'm doing:
> >
> > BIO *bstdout;
> > X509 *x, *ca;
> > X509_STORE *store;
> > X509_STORE_CTX ctx;
> >
> > bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
> > /* load & show CA cert */
> > if (ca = load_cert(bstdout, "ca.pem", str2fmt("PEM"))) {
> >     X509_print(bstdout, ca);
> >     if (x = load_cert(bstdout, "cart.pem", str2fmt("PEM"))) {
> >         X509_print(bstdout, x);
> >         store = X509_STORE_new();
> >         X509_STORE_set_default_paths(store);
> >         X509_STORE_add_cert(store, ca);
> >         X509_STORE_CTX_init(&ctx, store, x, NULL);
> >         if (X509_verify(&ctx))
> >             printf("OK\n");
> >         else
> >             printf("Nope\n");
> >     }
> > }
> >
> > Although the cert loaded in x was issued by the CA whose cert is in ca
> > (openssl 0.9.5), I'm still getting "Nope". I must be misunderstanding
> > something, but what is it? TIA,
> >
>
> X509_verify()? Surprised it doesn't crash, that function is just for
> verifying a single certificate against a known public key, and it takes
> two arguments. If you are using X509_verify() (and that isn't just a
> typo) use X509_verify_cert() instead.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Aaron Stromas | "Tick-tick-tick!!!... ja, Pantani is weg..."
Oracle Corp | BRTN commentator
+1 703.708.68.21 | L'Alpe d'Huez
1995 Tour de France