Same problem.
I wanted to know where is stocked the Server certificate during the SSL/TLS
communication.
For example I have my client who connect to a web service using SSL/TLS.
I wanted that my client get the certificate used by the server to get his
name.
Is it possible?
Thanks,
Maxime.
2008/6/14 Kah Goh <[EMAIL PROTECTED]>:
> Hi,
>
> I had a look at X509_STORE_CTX_init and I agree that it looks like it might
> cause seg fault, although I think it is unlikely. But first, may I ask, what
> makes you think it comes from X509_STORE_CTX_init? Was it from a core dump?
> It is possible for X509_get _issuer_name to cause segmentation fault as
> well.
>
> Other comments:
>
> - Use SSL_CTX_get_cert_store(ctx) to get the X509_STORE from SSL_CTX
> instead.
> - X509_name_oneline is discouraged, according to the documentation.
> This is a minor thing though...
>
> --- Kah
>
> 2008/6/13 BRACHET Maxime <[EMAIL PROTECTED]>:
>
> Hi,
>>
>> Yes, I tried something like this :
>>
>> char data[256];
>> SSL_CTX *context = (&soap)->ctx;
>> X509_STORE *store = context->cert_store;
>> X509_STORE_CTX xs_ctx;
>> X509_STORE_CTX_init(&xs_ctx,store,NULL,NULL);
>> X509 *cert = X509_STORE_CTX_get_current_cert(&xs_ctx);
>> fprintf(stderr, "SSL verify error or warning with certificate at depth
>> %d: %s\n", X509_STORE_CTX_get_error_depth(&xs_ctx),
>> X509_verify_cert_error_string(X509_STORE_CTX_get_error(&xs_ctx)));
>> X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data));
>>
>> but It give me a segmentation fault error.
>> I think it come from that the X509_STORE_CTX_init take in parameter a X509
>> certificate, the one I want to get .
>>
>> any other idea ?
>>
>> Thanks,
>> Maxime.
>>
>> 2008/6/13 Klarth <[EMAIL PROTECTED]>:
>>
>>> Hi
>>>
>>> I think you want to use X509_STORE_CTX_init to put the X509_STORE in
>>> X509_STORE_CTX.
>>> --- Kah
>>>
>>> On Jun 13, 3:36 pm, [EMAIL PROTECTED] ("BRACHET Maxime") wrote:
>>> > Hi,
>>> >
>>> > I am using gSOAP which use openssl.
>>> > I establish a connexion to a server using TLS, and I wanted to get the
>>> Name
>>> > of the Server certificate.
>>> > I can access to a X509_STORE trough ctx->cert_store.
>>> > But I don't find how to get the Server certificate.
>>> >
>>> > I found the X509_STORE_CTX_get_current_cert(store) method, but to use
>>> it I
>>> > need a X509_STORE_CTX.
>>> > Is it possible to get a X509_STORE_CTX from a X509_STORE ?
>>> >
>>> > Thanks in advance.
>>> >
>>> > Regards,
>>> > Maixme
>>>
>>
>>
>
