>From: owner-openssl-us...@openssl.org On Behalf Of Arthur Spitzer
>Sent: Tuesday, 05 June, 2012 04:48
>I need to verify a X.509 certificate against a self-signed X.509 CA,
>both certificates are in PEM-format. Doing this on the command line
>works so far: <snip>
>Right now I am working on a small piece of code that is supposed to
>do the same from C++ using the X509_verify_cert function.
>The problem is: The verification always fails with error code 7
("signature invalid"). I already tried three different attempts
>(documented in the attached cpp file) to build the trust chain,
>with the same result.
verify error 7 isn't a chain building problem, it's an error
verifying the signature (on the cert, against the parent).
http://www.openssl.org/support/faq.html#PROG6 tells you to
do ERR_print_errors_fp (or equivalent) which says 0D0C50A1, and
http://www.openssl.org/support/faq.html#PROG7 tells you to
ERR_load_crypto_strings (or equivalent, e.g. for SSL apps use
SSL_load_error_strings) which says ...:unknown message digest algorithm
and http://www.openssl.org/support/faq.html#PROG8
tells you OpenSSL_add_all_algorithms (or equivalent).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
