Greetings everyone,
My case is simple:
Windows HTTP client using openssl0.9.7b, a single server cert signed by
VeriSign.
the path is:
[VeriSign Class 3 Public Primary CA ] -----> [www.verisign.com/CPS Incorp.by
Ref. LTD.(c)97 VeriSign] -----> [my own cert]
After loading 2 parent certs with SSL_CTX_load_verify_locations(), the
verify callback does not complain anymore. However, that's not enough for
me. I also have to provide a mechanism to examin the whole cert chain, check
for problems and save them onto disk for later use, just like IE does. But
when I used the following code to get peer cert chain, the stack length was
always 1:
STACK_OF(X509) *pPeerChain = SSL_get_peer_cert_chain(ssl);
int stacklen = sk_X509_num(pPeerChain);
Is SSL_get_peer_cert_chain() the right function? Or is there another way to
do that kind of job?
Thanks for your attention.
Lei
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
