Hi,

I'm trying to devellop an app which should be able to verify if a certificate might be trusted.

I have a directory where I store CA root certificates. I want my app to check if a certificate is signed by the mentioned CA on the ISSUER field. In order to do this, it might look on this directory and check if it can find the root certificate of the CA who signed the certificate.

I use this code (I removed the error processing for the mail):

lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir())
....
X509_LOOKUP_add_dir(lookup,"./roots",X509_FILETYPE_ASN1)
/* Certs in DER */
....
verify_ctx=X509_STORE_CTX_new()
....
X509_STORE_CTX_init(verify_ctx,store,cert,NULL)
....
X509_verify_cert(verify_ctx)

It never returns 1.

Does anybody have an idea ?

Regards
--
Florian Manach
NUMLOG
[EMAIL PROTECTED]
(+33)0130791616
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to