Alfred Thomas wrote:
Hi all,
Is the following supposed to work if testcert.pem is a self-signed cert that
fails with error 18 when I do openssl verify testcert.pem?
I want to ignore the fact that it is an untrusted cert and read the public
key regardless.
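    X509 *x509 = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_MD_CTX md_ctx;
    const unsigned char *sig_buf = (unsigned char *)signature;

    /* Load the certificate; no chain or trust validation happens here. */
    FILE *fp = fopen("testcert.pem", "rb");
    if (fp != NULL) {
        x509 = PEM_read_X509(fp, NULL, NULL, NULL);
        fclose(fp);
    }
    /* Only use the certificate if it was actually opened and parsed. */
    if (x509 != NULL) {
        pkey = X509_get_pubkey(x509);
        X509_free(x509);
    }
    if (pkey != NULL) {
        EVP_VerifyInit(&md_ctx, EVP_ecdsa());
        EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
        /* 1 = signature valid, 0 = signature invalid, -1 = error */
        errorCode = EVP_VerifyFinal(&md_ctx, sig_buf, signatureLength, pkey);
        EVP_MD_CTX_cleanup(&md_ctx);
        EVP_PKEY_free(pkey);
    }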
EVP_Verify* doesn't care whether or not the cert from which the
key is extracted is trusted, valid or self-signed. If the cert
contains a valid public key the above code should work.
Cheers,
Nils
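
The behaviour described in this reply can be reproduced from the command line. This is an added example, not code from the thread: it builds a throwaway self-signed EC certificate, shows that chain validation fails with error 18 while a signature made with its key still verifies, and goes one step further by pinning the certificate fingerprint, since the signature check alone says nothing about whose key it is. File names, the CN, the sample data, SHA-256 and the pinning step are assumptions of the example.

```shell
#!/bin/sh
# Added example. File names, the CN and the sample data are constructed.

# Build a throwaway self-signed EC cert and an ECDSA/SHA-256 signature in $1.
make_fixture() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" &&
    openssl req -new -x509 -key "$1/key.pem" -subj "/CN=constructed-test" \
        -days 1 -out "$1/testcert.pem" &&
    printf 'constructed sample data' > "$1/data.bin" &&
    openssl dgst -sha256 -sign "$1/key.pem" -out "$1/data.sig" "$1/data.bin"
}

# True when chain validation fails with error 18 (self-signed, not trusted).
fails_with_error_18() {
    openssl verify "$1" 2>&1 | grep -q 'error 18 at'
}

# Check the signature with the key embedded in the cert; no trust decision.
sig_ok() {  # sig_ok CERT DATA SIG
    pub=$(mktemp) || return 2
    if openssl x509 -in "$1" -pubkey -noout > "$pub" &&
       openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return $rc
}

# SHA-256 fingerprint of the certificate, for comparison with a pinned value.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Accept only when the cert matches the pin AND the signature verifies.
verify_pinned() {  # verify_pinned CERT DATA SIG PINNED_FINGERPRINT
    [ "$(fingerprint "$1")" = "$4" ] && sig_ok "$1" "$2" "$3"
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" 2>/dev/null || { rm -rf "$d"; return 1; }
    fails_with_error_18 "$d/testcert.pem" && echo "chain check: error 18"
    sig_ok "$d/testcert.pem" "$d/data.bin" "$d/data.sig" && echo "signature: OK"
    rm -rf "$d"
}
demo
```

In a real deployment the pinned fingerprint would be recorded out of band when the certificate is first provisioned.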