I want to verify that a client certificate is issued by an acceptable CA.
Thanks
2006/10/5, Bernhard Froehlich <[EMAIL PROTECTED]>:
Vincenzo Sciarra wrote:
> Hi,
>
> I'm developing an application using the X509 cert standard.
> I'm trying to use a remote Certification Authority in
> client-server authentication exchange.
>
> In other words :
>
> Client sends public key to server - Server verifies client's public key
> with CA - Authentication exchange follows
>
>
> My problems are :
>
> 1) How can the server trust a CA on demand using OpenSSL? (I think that the CA
> should be pre-trusted)
> 2) Using the OpenSSL API, how can the server get public key verification from the CA?
I'm not sure what your problem is. Are you trying to verify certificates
with a CA's revocation list or OCSP? Or are you trying to verify the
CA's certificate itself (you can't do that automatically. A CA's
certificate has to be trusted as far as OpenSSL is concerned)? Or do you
want to verify that a client certificate is issued by an acceptable CA?
Or are you just trying to load a CAfile into a context?
Please be a bit more specific.
Hope it helps,
Ted
;)
--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
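
The trust rule raised in this thread, as an added example that is not part of the original messages: a client certificate verifies only against a CA certificate the verifier already holds as trusted. The CA and client names are constructed, and the script assumes the `openssl` command-line tool, version 1.1.0 or later.

```shell
#!/bin/sh
# Added example; the CA and client names below are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA certificate (NAME.pem) and key (NAME.key).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client CA CN: create a key and CSR for CN, then have CA sign the CSR.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.pem" 2>/dev/null
}

# issued_by_trusted CA CERT: succeed only if CERT chains to CA.
# -CAfile names the single pre-trusted CA; -no-CApath keeps the system's
# default trust directory out of the decision.
issued_by_trusted() {
    openssl verify -no-CApath -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca Trusted-CA                      # the CA the server is configured to trust
make_ca Other-CA                        # a CA the server has never been given
issue_client Trusted-CA good-client
issue_client Other-CA stray-client

for c in good-client stray-client; do
    if issued_by_trusted Trusted-CA "$c"; then
        echo "$c: accepted"
    else
        echo "$c: rejected (issuer is not a trusted CA)"
    fi
done
```

In the C API, a TLS server gets the same behaviour by loading the CA file with `SSL_CTX_load_verify_locations()` and calling `SSL_CTX_set_verify()` with `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT`.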
