I am currently doing the suggested steps:

    1- Loading your certificate (in PCCERT_CONTEXT structure) from Windows Cert store using Crypto APIs CertGetCertificateChain().
    2- Get encrypted content of it in binary format as it is. [PCCERT_CONTEXT->pbCertEncoded].
    3- Parse this binary buffer into X509 certificate Object using OpenSSL's d2i_X509() method.
    4- Get handle to OpenSSL's trust store using SSL_CTX_get_cert_store() method.
    5- Load above parsed X509 certificate into this trust store using X509_STORE_add_cert() method.

I am still getting the verify "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY" error.

Thanks

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jeffrey Walton
Sent: Friday, January 18, 2013 6:20 PM
To: openssl-users@openssl.org
Subject: Re: Openssl server certificates validation error

On Fri, Jan 18, 2013 at 5:53 PM, Hazrat Shah <hs...@crestron.com> wrote:
>
> I am having a problem with server certificate verification:
> SSL_get_verify_result() returns error code 20.
From http://www.openssl.org/docs/apps/verify.html, that is 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

> I add a (xx.cert) file to the Windows certificate store as follows.
Perhaps it would be better to add it to a store used by OpenSSL by default?

http://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store

 Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
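
What verify error 20 looks like in isolation, reproduced with the `openssl verify` tool whose documentation is linked in the reply: a trust store that holds a certificate, but not the issuer of the server certificate, fails with code 20, while a store holding the issuing CA passes. This is an added example, not code from the thread; the CA and server names, the file names and the helpers `make_pki` and `verify_code` are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: all keys, certificates and names are generated here.

# make_pki DIR: create two unrelated self-signed CAs ("issuer" and "other")
# and one server certificate signed by the "issuer" CA.
make_pki() {
    dir=$1
    for ca in issuer other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed $ca CA" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 2 \
        -CA "$dir/issuer.pem" -CAkey "$dir/issuer.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
}

# verify_code TRUSTED_PEM CERT_PEM: print the verify error number reported by
# `openssl verify` (20 = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY),
# 0 when the chain validates, or -1 if the tool failed for another reason.
verify_code() {
    if out=$(openssl verify -CAfile "$1" "$2" 2>&1); then rc=0; else rc=$?; fi
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif [ "$rc" -eq 0 ]; then echo 0
    else echo -1
    fi
}

# Demo: the same server certificate against two different trust stores.
tmp=$(mktemp -d) && make_pki "$tmp" && {
    echo "trust store holds an unrelated CA: $(verify_code "$tmp/other.pem" "$tmp/server.pem")"
    echo "trust store holds the issuing CA:  $(verify_code "$tmp/issuer.pem" "$tmp/server.pem")"
}
rm -rf "$tmp"
```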

