First of all thank you for your reply.
I read one of your previous replies to the following post and this seems to be what i need.
X509_AUX is a "trusted certificate" format
"With PEM_read_bio_X509_AUX if the certificate is trusted then the extra data
will be included."
will be included."
This returns an X509_AUX structure and i think its this auxilliary information that i need to decide whether the certificate is from a trusted authority or not. I don't know how to extract this information though. At the moment i get my X509 structure using SSL_get_peer_certificate(). I need to use this in order to get the server certificate. Then i extract the information held within this certificate using X509_NAME_print_ex() following
your previous advice. How would i go about getting this extra information that i need.
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
On Tue, Mar 14, 2006, michael Dorrian wrote:
> Thanks for your reply. It makes sense that it does not trust any authority
> by default. I will try to research these functions a little more but it may
> be difficult to find a way to actually check that it was signed by a
> trusted authority. Anyway i appreciate the help.
>
If I understand your query can do this quite simply using
SSL_CTX_get_cert_store() and calling X509_STORE_add_cert() on it for each
trusted CA.
You need to have the CAs in the form of an X509 structure but there are
several documented ways to do that include d2i_X509() and PEM_read_bio_X509().
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Yahoo! Mail
Use Photomail to share photos without annoying attachments.
