On Wed, Aug 28, 2002 at 11:25:51AM -0400, Shaheed Bacchus wrote:
> Shaheed Bacchus wrote:
>
> > hi all,
> > i am having some problems getting certificate verification to
> > work. i have two certs
> >
> > X509 *client;
> > Subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=MyTest
> > Issuer: /C=AU/ST=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
> >
> > X509 *issuer;
> > Subject: /C=AU/ST=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
> >
> > at various points in my code i do:
> > X509_LOOKUP *lookup;
> > X509_STORE_CTX *storectx;
> >
> > /* ctx is a valid SSL_CTX * passed in from elsewhere */
> > lookup=X509_STORE_add_lookup(ctx->cert_store,X509_LOOKUP_file());
> > X509_STORE_add_cert(ctx->cert_store, issuer);
> > X509_STORE_set_verify_cb_func(ctx->cert_store, certcb)
> > /*certcb is a basic routine and is defined elsewhere*/
> > X509_STORE_CTX_init(storectx, ctx->cert_store, client, NULL);
> > X509_verify_cert(storectx);
> >
> > when i run this verify i always get
> > error 2 at 1 depth lookup:unable to get issuer certificate
> > if i examine the storectx in certcb() i find that
> > storectx->cert = client
> > storectx->current_cert = issuer
> > storectx->current_issuer = NULL
> >
> > any ideas on what i'm doing wrong? thanks.
You don't give more detailed information about "issuer".
Is "issuer" a self signed root CA certificate?
>From the error message it seems, that it is not. The "depth 1" indicates,
that the "issuer" certificate is correctly retrieved from the
store, but the verification routine tries to walk further down the tree.
Unfortunately you edited out the "Issuer:" information for the "issuer"
certificate.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
