Hi Ricky,

Please have a look at the following tutorial link:
http://etutorials.org/Programming/secure+programming/Chapter+10.+Public+Key+Infrastructure/10.5+Performing+X.509+Certificate+Verification+with+OpenSSL/

The above link could be of help to you.

Regards,
Akash


On Thu, Mar 22, 2012 at 6:44 PM, ricardo brillon <[email protected]> wrote:

> I am trying to verify the server-side certificate from a Windows client
> and will also need to check whether the certificate is revoked.
> I am not sure if I need to call
> "spc_x509store_setcrlfile(mp_x509Store,(char*)CrlFile)" and
> "spc_x509store_setcrlfile(mp_x509Store,(char*)CrlFile)",
> as the function below shows, to pass down the CRL list. Or does calling
> SSL_CTX_load_verify_locations with the CAFile provide OpenSSL with the CRL
> information to populate the internal X509 store?
> Also, will calling SSL_get_verify_result check whether the
> certificate is revoked, or do I need to check this manually?
>
> Thanks.
> Any help will be great.
> Ricky
>
> /* CADIR, SetErrorMsg() and mp_x509Store are not defined in this excerpt. */
> bool SetupVerifyDetailsForClient(SSL_CTX* ctx, const char* CaFile,
>                                  const char* CertFile, const char* KeyFile,
>                                  const char* CrlFile)
> {
>     /* Trusted CA certificates from the given file and directory. */
>     if (SSL_CTX_load_verify_locations(ctx, CaFile, CADIR) != 1)
>     {
>         SetErrorMsg("Error loading CA file and/or directory");
>         return false;
>     }
>     if (SSL_CTX_set_default_verify_paths(ctx) != 1)
>     {
>         SetErrorMsg("Error loading default CA file and/or directory");
>         return false;
>     }
>     /* Client certificate and its private key. */
>     if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) != 1)
>     {
>         SetErrorMsg("Error loading certificate from file");
>         return false;
>     }
>     if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) != 1)
>     {
>         SetErrorMsg("Error loading private key from file");
>         return false;
>     }
>     if (!SSL_CTX_check_private_key(ctx))
>     {
>         SetErrorMsg("Private key does not match the public certificate");
>         return false;
>     }
>     /* CRL file handed to the tutorial's spc_* helper (called twice as posted). */
>     spc_x509store_setcrlfile(mp_x509Store, (char*)CrlFile);
>     spc_x509store_setcrlfile(mp_x509Store, (char*)CrlFile);
>     return true;
> }
>
