On Tue, Mar 14, 2006, michael Dorrian wrote: > Thanks for your reply. It makes sense that it does not trust any authority > by default. I will try to research these functions a little more but it may > be difficult to find a way to actually check that it was signed by a > trusted authority. Anyway i appreciate the help. >
If I understand your query can do this quite simply using SSL_CTX_get_cert_store() and calling X509_STORE_add_cert() on it for each trusted CA. You need to have the CAs in the form of an X509 structure but there are several documented ways to do that include d2i_X509() and PEM_read_bio_X509(). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
