I'm having a very peculiar problem.
I'm doing the following to verify that this cert is signed by our root
certificate, and that it's a valid cert:
X509_STORE *store = X509_STORE_new();
if (store)
{
X509_STORE_set_verify_cb_func(store, _glicVerificationCallback);
// load the CACert
X509 *caCert = X509_new();
if (caCert)
{
unsigned char *caDERPtr = &subCACert[0]; // subCACert is our public
root certificate
if ( d2i_X509(&caCert, &caDERPtr, CACERTLENGTH) )
{
if ( X509_STORE_add_cert(store, caCert) )
{
X509_STORE_CTX *verifyCTX = X509_STORE_CTX_new();
if (verifyCTX && X509_STORE_CTX_init(verifyCTX, store,
licenseCert, NULL)) // licenseCert is passed in
{
if (X509_verify_cert(verifyCTX))
printf("yay:)\n");
else
printf("nay:(\n");
X509_STORE_CTX_free(verifyCTX);
}
}
}
X509_free(caCert);
}
X509_STORE_free(store);
}
Now what's strange, is this works (I get a yay:)) on two of the three platforms
we support, using the same cert, of course.
Specifically, it works on x86-64 and Netware.
Specficially, it DOES NOT work on x86. (I get a nay:()
The error it returns is: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
This also works fine on ALL THREE platforms (x86-64, Netware, x86) using 0.9.7g.
Any ideas?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
