Vincenzo Sciarra wrote:
I'm not sure what your problem is. Are you trying to verify certificates with a CA's revocation list or OCSP? Or are you trying to verify the CA's certificate itself (you can't do that automatically. A CA's certificate has to be trusted as far as OpenSSL is concerned)? Or do you want to verify that a client certificate is issued by an acceptable CA? Or are you just trying to load a CAfile into a context?Hi,I'm developing an application using X509 cert stardard. I'm trying to use a remote Certification Authority in client-server authentication exchange. In other words : Client send public key to server - Server verify client's public key with CA - Authentication exchange follow up My problems are : 1) How Server can trust a CA on demand using OpenSSL? (I thing that CA should be pre-trusted) 2) Using OpenSSL API how can server get public key verification from CA?
Please be a bit more specific. Hope it helps, Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
