Hi all,I am trying to verify a certificate and provide the possibility to directly trust an intermediate CA's certificate (not self-signed). After setting up the STORE and STORE_CTX and add the intermediate CA to the trusted certificates, when I use the "X509_verify_cert(ctx)" I get the usual "unable to get issuer certificate" - which would be fine for a "non-trusted" cert, but I would expect that to not be an issue for a trusted certificate.
Therefore, my question is what is the best method to have that behavior ?I tried to use the certificate callback to do that, but there is no function to get the trusted certificates' stack (i.e., there is a X509_STORE_CTX_get0_untrusted() but there is no equivalent for the trusted certificates' stack) - so I could not verify if the current certificate (in the verify callback call) is in the trusted stack or not...
Maybe there are flags / trust settings that can be used instead ? Cheers, Max -- Best Regards, Massimiliano Pala, Ph.D. OpenCA Labs Director OpenCA Logo
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
