Please see below.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dave Thompson
Sent: Friday, January 18, 2013 8:11 PM
To: openssl-users@openssl.org
Subject: RE: Openssl server certificates validation error

>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Friday, 18 January, 2013 17:54

Additional to previous sent prematurely:

>On OpenSSL startup, the file is read from the Windows certificate store and
>saved into the X509 certificate store.

>1)      File is read from the Windows certificate store with the CertGetCertificateChain() function.

According to MSDN online, that returns a whole lot of cruft in addition to the 
actual cert or certs in the chain or maybe chains.
I hope you are passing ONLY the actual cert to d2i_X509().
[HS] Yes, that is correct.

>2)      The buffer is converted from DER to X509 format via d2i_X509() function.

I hope you checked this step succeeded = returned or set non-null.
[HS] It is not-null.

>3)      The certificate is then added to the X509 certificate store via X509_STORE_add_cert function.

If the X509 pointer is null, X509_STORE_add_cert ignores it.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
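
An added example, not part of the thread and not OpenSSL code: a pre-check in C that a buffer (for instance the pbCertEncoded/cbCertEncoded bytes of one chain element's CERT_CONTEXT) holds exactly one DER SEQUENCE and nothing around it before it is handed to d2i_X509(). The names `der_single_sequence` and `enum der_check` are hypothetical; the check covers only the outer envelope, so the results of d2i_X509() and X509_STORE_add_cert() still have to be tested.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for the pre-check (hypothetical names, not OpenSSL's). */
enum der_check {
    DER_OK = 0,        /* exactly one SEQUENCE fills the buffer */
    DER_TOO_SHORT,     /* buffer ends inside the header or the body */
    DER_NOT_SEQUENCE,  /* first byte is not 0x30 */
    DER_BAD_LENGTH,    /* indefinite, non-minimal or oversized length */
    DER_TRAILING_DATA  /* extra bytes follow the SEQUENCE */
};

/* Check that buf[0..len) is one DER SEQUENCE and nothing else, which is
 * what a certificate's encoded bytes must be before d2i_X509() sees them. */
enum der_check der_single_sequence(const uint8_t *buf, size_t len)
{
    size_t hdr = 2, body = 0;

    if (buf == NULL || len < 2)
        return DER_TOO_SHORT;
    if (buf[0] != 0x30)
        return DER_NOT_SEQUENCE;

    if (buf[1] < 0x80) {              /* short form: one length byte */
        body = buf[1];
    } else {
        size_t n = buf[1] & 0x7f;     /* long form: n length bytes follow */
        if (n == 0 || n > 4)          /* 0x80 is indefinite, not DER */
            return DER_BAD_LENGTH;
        if (len < 2 + n)
            return DER_TOO_SHORT;
        if (buf[2] == 0)              /* leading zero: non-minimal */
            return DER_BAD_LENGTH;
        for (size_t i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        if (body < 0x80)              /* short form was required */
            return DER_BAD_LENGTH;
        hdr += n;
    }

    if (body > len - hdr)
        return DER_TOO_SHORT;
    if (body < len - hdr)
        return DER_TRAILING_DATA;
    return DER_OK;
}
```
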

