On January 20, 2009 09:57:03 am Gerald Iakobinyi-Pich wrote:
> Hello all,
>
> I am new to OpenSSL, and now I am confronted with some problems. First
> would be the following: let's assume I have a certificate (X509) which
> has been issued by a CA. How is it possible to validate the
> certificate through the CA (I mean establish a connection to the CA,
> and let the CA do the actual validation). Can OpenSSL do this
> automatically, when I call X509_verify_cert for example?
>

What you are talking about is called SCVP (Server-based Certificate Validation Protocol), where a client delegates validation of the certificate to some other trusted entity. It doesn't have to be the CA, but could be any trusted party that is able to perform validations on behalf of a client.

That I know of, OpenSSL doesn't have any support for SCVP, although you could use OpenSSL and a good networking library to write an SCVP client and responder.

However, because of the way that you formulated your question, I think that you may have some misunderstandings about the trust models that a PKI is designed to solve. I would suggest reading up on PKI in general, and then, and only then, try and solve your problem.

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca