Hi all,

I have two issues when I am trying to verify the certificates from an SSL connection. In particular I have difficulties in understanding how to:
- Add a set of certificates that are to be trusted (trust anchors...)
- Add a set of certificates that might be needed to build the chain (not trust anchors...)
- Accept a chain of certificates where a self-signed cert is present without that error to be the only one reported in the verify callback (i.e., are there any flags I can set to avoid the error?)

So far, from the source code, I thought that by using:
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_add_cert (store, cert);
...
ssl = SSL_new ( ctx );
I would add the cert to the trusted ones.. but it does not seem to work :(
Where are the functions or the right pointers to do that without using the
SSL_CTX_load_verify_locations() ???
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [email protected]
[email protected]
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
