Hello,

> Hi,
> How do I validate a certificate chain? Is there an EVP API for it?
> thanks

If we are talking about verifying an X509 cert against CA certs, this may be done, for example, like:
-----------------------------
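#include <stdio.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

/* returns 1 if cert.pem verifies against the CA store, 0 otherwise */
int verify_cert_file(void)
{
    FILE *fp = NULL;
    X509_STORE *CAcerts = NULL;
    X509 *cert = NULL;
    X509_STORE_CTX *ca_ctx = NULL;  /* heap-allocated: the struct is opaque in OpenSSL 1.1.0+ */
    const char *strerr;
    int ok = 0;

    /* load CA cert store */
    if (!(CAcerts = X509_STORE_new())) {
        goto err;
    }
    if (X509_STORE_load_locations(CAcerts, "cacert.pem", NULL) != 1) {
        goto err;
    }
    if (X509_STORE_set_default_paths(CAcerts) != 1) {
        goto err;
    }

    /* load X509 certificate */
    if (!(fp = fopen("cert.pem", "r"))) {
        goto err;
    }
    if (!(cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
        goto err;
    }

    /* verify */
    if (!(ca_ctx = X509_STORE_CTX_new())) {
        goto err;
    }
    if (X509_STORE_CTX_init(ca_ctx, CAcerts, cert, NULL) != 1) {
        goto err;
    }
    if (X509_verify_cert(ca_ctx) != 1) {
        strerr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(ca_ctx));
        printf("Verification error: %s\n", strerr);
        goto err;
    }
    ok = 1;

err:
    /* release everything on both the success and the error path */
    if (fp) fclose(fp);
    if (ca_ctx) X509_STORE_CTX_free(ca_ctx);
    X509_free(cert);
    X509_STORE_free(CAcerts);
    return ok;
}

Hope this helps.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]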
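
The same check from the command line, as an added example that is not part of the original post: `openssl verify` run over a constructed root, intermediate and leaf, where `-untrusted` supplies intermediates the way the fourth argument of `X509_STORE_CTX_init` (NULL in the reply above) does in C. It also shows a certificate signed by a non-CA leaf being rejected. All file names, subjects and helper functions are assumptions, and it expects an `openssl` binary, 1.1.0 or later, on the PATH.

```shell
#!/bin/sh
# Added example. All subjects, file names and helper functions are constructed
# for illustration; the unencrypted keys are throwaway test material.

# issue NAME CA_FLAG [ISSUER]: write NAME.key and NAME.pem in the current
# directory. Self-signed when ISSUER is omitted, otherwise signed by ISSUER.
issue() {
    printf 'basicConstraints=critical,CA:%s\n' "$2" > "$1.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=constructed-$1" -out "$1.csr" 2>/dev/null || return 1
    if [ -z "$3" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
            -extfile "$1.ext" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
            -CAcreateserial -days 1 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
    fi
}

# build_chain: root (CA) -> inter (CA) -> leaf (CA:FALSE) -> rogue.
# "rogue" is signed by the leaf, which is not allowed to act as a CA.
build_chain() {
    issue root TRUE &&
    issue inter TRUE root &&
    issue leaf FALSE inter &&
    issue rogue FALSE leaf &&
    cat inter.pem leaf.pem > inter_and_leaf.pem
}

# verify_cert CERT [UNTRUSTED_FILE]: status 0 only if CERT chains to root.pem.
# root.pem is the only trust anchor named here; UNTRUSTED_FILE just offers
# candidate intermediates, each of which is itself verified.
verify_cert() {
    if [ -n "$2" ]; then
        openssl verify -CAfile root.pem -untrusted "$2" "$1"
    else
        openssl verify -CAfile root.pem "$1"
    fi
}

# demo: status 0 when all three verdicts are the expected ones.
demo() (
    cd "$(mktemp -d)" && build_chain || exit 1
    verify_cert leaf.pem inter.pem || exit 1              # chain is complete
    ! verify_cert leaf.pem || exit 1                      # issuer not supplied
    ! verify_cert rogue.pem inter_and_leaf.pem            # leaf is not a CA
)
```

Source the file and call `demo`; the error lines printed for the second and third checks are the expected rejections.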