Hello!
Suppose that I have a CA-cert A and a cert B that is signed by the
public key of A. I am trying to figure out how to verify that B is
certified by A:
This is what I got so far (which I clearly haven't compiled yet :-)
/* load the cert (this works just fine) */
fp = fopen(argv[2], "r");
if (fp == NULL) {
    fprintf(stderr, "Failed to open certfile!\n");
    exit(1);
}
cert = PEM_read_X509(fp, NULL, NULL, NULL);
if (cert == NULL) {
    fprintf(stderr, "Failed to read cert from certfile!\n");
    exit(1);
}
fclose(fp);
ERR_load_crypto_strings();
/* this is where I am confused. From reading ariels "manuals" I get the
   impression that I should create an X509_STORE that contains the ca-cert.
   Then I should init the X509_STORE_CTX with this and also an
   STACK_OF(X509) containing the cert I would like to verify with the
   ca-cert */
csc = X509_STORE_CTX_new();
if (csc == NULL) {
    fprintf(stderr, "Failed to create store!\n");
    ERR_print_errors_fp(stderr);
    exit(1);
}
X509_STORE_CTX_init(csc, ctx, cert, uchain);
if (purpose >= 0)
    X509_STORE_CTX_set_purpose(csc, purpose);
if (!X509_verify_cert(csc)) {
    fprintf(stderr, "Verification of cert failed!\n");
    exit(1);
}
X509_STORE_CTX_free(csc);
Any hints, clarifying comments, or pointers to docs are very welcome.
Best regards:
Douglas
--
------------------------------------------------------
Douglas Wikström <[EMAIL PROTECTED]>
------------------------------------------------------
Yes, God created Man before Woman,
but one always makes a draft before the masterpiece.
------------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]