delcour.pierre wrote:
Hello,

Ariel Salomon wrote:

Hi Pierre,

If you are using this certificate chain for an SSL connection, use SSL_CTX_use_certificate_chain_file which does precisely what you are asking. If you are just looking for a way to load this chain for other uses, the source code for that function should help you out.

Take a look at the man page:
http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html

 - Ariel

delcour.pierre wrote:
Hello everyone,

I have to load a chain of x509v3 certificates which is only one file,
like this one (I cut it):

-----BEGIN CERTIFICATE-----
MIIEjjC[...]7DjKlgcOcx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEfzC[...]ds0pfH
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEeT[...]AxQv6oN
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEdjC[...]1zwDx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEcjC[...]WziILI=
-----END CERTIFICATE-----

So, how can I load it with OpenSSL?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Thanks for your answer. I took a look at this page, and I wrote this code:

   SSL_CTX *ctx = NULL;
   ctx = SSL_CTX_new(SSLv23_method());
   cout << SSL_CTX_use_certificate_chain_file(ctx, "/home/pierred/chain/cert.chain.pem") << endl;

I only got a segmentation fault. After looking at the source code of SSL_CTX_use_certificate_chain_file, I found that the segmentation fault is due to this line:

   ret=SSL_CTX_use_certificate(ctx,x);

I thought I had to use another function instead of this one, "SSLv23_method()". I tried SSLv3_method(), but no change.

I'm using OpenSSL 0.9.8g on Kubuntu 8.04.

Thanks in advance,
pierre delcour.
Answer:

   SSL_CTX *ctx = NULL;
   if (!SSL_library_init())
       return -1;
   if (!(ctx = SSL_CTX_new(TLSv1_method())))
       return -1;
   if (SSL_CTX_set_default_verify_paths(ctx) != 1)
       return -1;
   if (SSL_CTX_use_certificate_chain_file(ctx, chain_filename) != 1)
       return -1;

All the certificates are in the STACK_OF(X509) *: ctx->extra_certs

Have a nice day
