I am currently working on a wrapper around the X509_verify_cert function using 0.9.7m compiled on win32 via Cygwin in C and I'm having a few issues.

It seems when I run my verify wrapper function in my test bench (it creates CSRs, certificates, CRLs, and does validation, printing, etc. in the same test program), occasionally the X509_verify_cert function will fail (return 0). However, if I run just my wrapper that uses verify_cert, it always returns 1, as does the openssl tool itself. This problem does not occur when using the same code through Solaris.

It "seems" like a concurrency issue, and, although my program is not multithreaded, I was curious if it could be an issue regarding validation timing (as the granularity appears to be full seconds) or if something else is going on (memory leaks, etc.). The certificate has a validity date of 1 year, as does the CRL, and the CRL shows no certificates revoked. Additionally, the CA certificate is valid for 1 year as well. Any help would be much appreciated.

Additionally, I know Dr. Henson suggested to one user that he/she was not retrieving the debug information from X509_verify_cert, and I have attempted to do this with ERR_get_errors following the failed verification, but nothing is printed to stdout. If I am using the wrong function for this purpose, please let me know!

Thanks!
Brian