OpenSSL does not, by default, trust ANY certification authorities. This means that you have to give it the certs directly.
It looks like the only way to do that at this point is to call the (mostly) undocumented SSL_CTX_set_cert_store() function. The best documentation at this point is the source -- I'd suggest picking apart the SSL_CTX_load_verify_locations() and figure out how it creates and sets the store. -Kyle H On 3/14/06, michael Dorrian <[EMAIL PROTECTED]> wrote: > I know SSL_CTX_load_verify_locations() loads the CAs you trust from a pem > file that you store locally on your client machine but i cannot use this > function as i dont want to read a pem file on the client side. I want to > know if you can check to see if the server certificate presented was signed > by a trusted certification authority or if its from a self signed CA. Is > there any function in Openssl that can check for this?. I basically want to > accomplish the same thing as when you connect to a secure server with your > browser. If its a self signed certificate an extra dialog box appears > warning you about this, if not this dialog box does not appear. I am not > worried about the dialog boxes of course just a way of distinguishing > between them. Is there a function in Openssl that does this?. > > ________________________________ > Yahoo! Travel > Find great deals to the top 10 hottest destinations! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
