Alfred Thomas wrote:
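Hi all,

Is the following supposed to work if testcert.pem is a self-signed cert that fails with error 18 when I do openssl verify testcert.pem? I want to ignore the fact that it is an untrusted cert and read the public key regardless.

    #include <stdio.h>
    #include <string.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    /* signature, signatureLength, data and errorCode are declared elsewhere */
    X509 *x509 = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_MD_CTX md_ctx;
    const unsigned char *sig_buf = (unsigned char *)signature;

    /* Read the certificate; no trust or chain check happens here */
    FILE *fp = fopen("testcert.pem", "rb");
    if (fp != NULL) {
        x509 = PEM_read_X509(fp, NULL, NULL, NULL);
        fclose(fp);
    }
    /* x509 stays NULL if the file could not be opened or parsed */
    if (x509 != NULL) {
        pkey = X509_get_pubkey(x509);
        X509_free(x509);
    }
    if (pkey != NULL) {
        EVP_VerifyInit(&md_ctx, EVP_ecdsa());
        EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
        /* 1 = signature valid, 0 = invalid, -1 = error */
        errorCode = EVP_VerifyFinal(&md_ctx, sig_buf, signatureLength, pkey);
        EVP_MD_CTX_cleanup(&md_ctx);
        EVP_PKEY_free(pkey);
    }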

EVP_Verify* doesn't care whether or not the cert from which the key is extracted is trusted, valid or self-signed. If the cert contains a valid public key the above code should work.

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
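
The behaviour described in the reply, shown with the openssl command line rather than the C API (an added example, not code from this thread; the file names and certificate subject are constructed). Chain validation rejects the self-signed certificate with error 18, the signature check with its public key still succeeds, and a fingerprint pin is one way to bind the key to an expected certificate when the chain is deliberately not checked.

```shell
#!/bin/sh
# Added example with constructed data; every file name here is hypothetical.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_cert NAME: constructed self-signed ECDSA certificate NAME.pem with key NAME.key
make_cert() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$work/$1.key" 2>/dev/null
    openssl req -x509 -new -key "$work/$1.key" -subj "/CN=constructed-example" \
        -days 1 -out "$work/$1.pem" 2>/dev/null
}

# chain_result CERT: output of "openssl verify"; a self-signed cert reports error 18
chain_result() {
    openssl verify "$work/$1.pem" 2>&1 || true
}

# sig_result CERT: verify sig.bin over data.bin with the key taken from CERT,
# the command-line counterpart of X509_get_pubkey() followed by EVP_VerifyFinal()
sig_result() {
    openssl x509 -in "$work/$1.pem" -pubkey -noout > "$work/$1.pub"
    openssl dgst -sha256 -verify "$work/$1.pub" \
        -signature "$work/sig.bin" "$work/data.bin" 2>&1 || true
}

# fingerprint CERT: SHA-256 fingerprint, usable as a pin when the chain is not checked
fingerprint() {
    openssl x509 -in "$work/$1.pem" -noout -fingerprint -sha256
}

make_cert testcert   # the certificate the verifier expects
make_cert other      # a different self-signed cert carrying the same subject
printf 'constructed message' > "$work/data.bin"
openssl dgst -sha256 -sign "$work/testcert.key" -out "$work/sig.bin" "$work/data.bin"
pinned=$(fingerprint testcert)   # recorded out of band in a real deployment

echo "chain:     $(chain_result testcert)"
echo "signature: $(sig_result testcert)"
echo "other key: $(sig_result other)"
[ "$(fingerprint other)" = "$pinned" ] ||
    echo "pin check: 'other' does not match the pinned certificate"
```

A successful signature check only shows that the signer holds the private key matching the certificate that was read; which certificate that is has to be established separately, by chain validation or by a pin such as the one above.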
