Hello,

> Can anyone please help me on the below question?
>
> Thanks,
> Ravi.
>
> On 8/3/06, ravi shankar <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am new to openssl. How do we tell the SSL client to trust
> the server certificate in advance using openssl APIs? For
> example, when we have the trusted root from the webserver, we
> can use SSL_CTX_set_verify_locations function to tell the
> client to trust the server certificate if it matches the
> trusted root.
> But when we have only the server certificate (before making the
> connection itself) instead of the trusted root, which function
> can be used to tell the ssl client to trust the server
> certificate? Can anyone explain this to me?

I'm not sure if there is such an API in OpenSSL, but ...
... if you already have the server certificate and you want to trust only
this server, you may connect to this server (SSL_connect()) without
peer authentication. After a successful SSL connection, at your
application layer you may get the server certificate using
SSL_get_peer_certificate(), calculate, for example, a message digest of
this certificate and compare it with the message digest of the certificate
that you already have. If the comparison is successful you proceed;
if not, simply shut down the SSL connection.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
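
The check described in the reply above, as an added example that is not part of the original thread. It uses Python's ssl module (a wrapper around OpenSSL) in place of the C calls SSL_connect() and SSL_get_peer_certificate(); the function names, the choice of SHA-256 as the digest, and the sample bytes are assumptions of this example.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> bytes:
    """SHA-256 digest over the DER encoding of a certificate."""
    return hashlib.sha256(der).digest()


def parse_pin(text: str) -> bytes:
    """Accept a stored digest as plain or colon-separated hex."""
    raw = bytes.fromhex(text.replace(":", "").strip())
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin is not a SHA-256 digest")
    return raw


def pin_matches(peer_der, pin: bytes) -> bool:
    """True only if the peer sent a certificate whose digest equals the pin."""
    if not peer_der:                      # no certificate presented
        return False
    return hmac.compare_digest(fingerprint(peer_der), pin)


def connect_pinned(host: str, port: int, pin: bytes, timeout: float = 10.0) -> ssl.SSLSocket:
    """Handshake without chain verification, then accept only the pinned certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE       # "without peer authentication"
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Nothing has been sent at the application layer yet; check before it is.
    if not pin_matches(tls.getpeercert(binary_form=True), pin):
        tls.close()
        raise ssl.SSLError("server certificate does not match the pinned digest")
    return tls


if __name__ == "__main__":
    sample = b"constructed bytes standing in for a DER certificate"
    pin = parse_pin(fingerprint(sample).hex())
    print(pin_matches(sample, pin), pin_matches(sample + b"x", pin))
```

Because chain verification is off, the digest comparison is the only authentication of the server, so the caller must not write to the socket on any path that skips it.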