Hi guys !!!
Since last time, I've been working with the "openssl verify" command and its options and it works pretty well, but now I need to implement this certificate verification in C source code.
I searched the openssl and ssleay docs and found an example. I tried to implement it but it fails .... This is part of my source code:
X509 *x;
X509_STORE *csc=NULL;
X509_STORE_CTX *ctx;
.....
x=d2i_X509(NULL, &certificado, length); /* it's ok */
....
version=X509_get_version(x); /*ok */
.....
serial=X509_get_serialNumber(x); /*ok */
......
csc=X509_STORE_new(); /*begin verification example */
printf("paso 1\n");
X509_STORE_set_default_paths(csc);
printf("paso 2\n");
X509_STORE_CTX_init(ctx,csc,x,NULL); /*fails in this point */
printf("paso 3\n");
i=X509_verify_cert(ctx);
printf("paso 4 \n");
X509_STORE_CTX_cleanup(ctx);
printf("paso final \n");
if (i!=0) /*ok */
Notes: I have a self-signed CA certificate ac.cer and an enduser.cer certificate, both in CER form (no problem).
On the openssl command line I run:
# openssl verify -CAfile ac_b64.cer ac_b64.cer <-|
ac_b64.cer:OK /*the cert is selfsigned */
# openssl verify -CAfile ac_b64.cer end_user_b64.cer <-|
end_user_b64:OK /*the cert was signed by ac.cer */
These are the same results I'm looking for ....
Help is needed again .. please
Zainos