Re: trust chain building for X509_verify_cert

Wed, 06 Jun 2012 07:17:42 -0700 


Hi, Arthur.
The verification always fails because OpenSSL can’t find digest algorithm. You(as I just now) forgot about OpenSSL initialization. You must add at the beginning of the main function next code: 

//SSLeay library init (libcrypto)
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();


There are another variants of initialization(if will be necessary):
//SSL library init(libssl)
ERR_load_SSL_strings();
SSL_library_init();

//OpenSSL library init (both libcrypto and libssl)
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();


------------------------------------------------------------------------------------------------------------------
From: Arthur Spitzer
Sent: Tuesday, June 05, 2012 12:48 PM
To: openssl-users@openssl.org
Cc: Alexander Kirschner
Subject: trust chain building for X509_verify_cert

Hi,
I need to verify a X.509 certificate against a self-signed X.509 CA, both certificates are in PEM-format. Doing this on the command line works so far: 

openssl verify -CAfile caCertificate.pem certificate.pem
certificate.pem: OK

The version of OpenSSL is: 1.0.0j-fips 10 May 2012.
Right now I am working on a small piece of code that is supposed to do the same from C++ using the X509_verify_cert function.
The problem is: The verification always fails with error code 7 (“signature invalid”). I already tried three different attempts (documented in the attached cpp file) to build the trust chain, with the same result.
The relevant source code (certificates as char arrays included in the cpp) and both certificates are attached. I would be very grateful if you could give me a hint. Right now I am a little lost. 

Thanks in advance & Best regards,

Arthur


Dipl.-Math. Arthur Spitzer, Software Architect
Phone: +49.89.45 23 47 - 260


jambit Software Development & Management GmbH
Erika-Mann-Str. 63, 80636 München
Phone: +49.89.45 23 47-0 Fax: +49.89.45 23 47-70

http://www.jambit.com where innovation works

Geschäftsführer: Peter F. Fellinger, Markus Hartinger
Sitz: München; Registergericht: München, HRB 129139

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to