Hi, all
I have a question about certificate verification.
I know OpenSSL provides X509_verify_cert() to do this.
And I should use X509_STORE_CTX_init() to do the initialization
work.
But I now have only the certificate stack and no store exists.
So can I use X509_STORE_CTX_init(&ctx, NULL, signer, bs->certs) to
do the initialization work?
Is there any problem if I use NULL in place of the store?
And should I call this function in x509_vfy.c?

    /* Set alternative lookup method: just a STACK of trusted certificates.
     * This avoids X509_STORE nastiness where it isn't needed.
     */
    void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
    {
        ctx->other_ctx = sk;
        ctx->get_issuer = get_issuer_sk;
    }

Thanks,
wjw