On Thu, Jul 24, 2008 at 09:55:53AM +0000, [EMAIL PROTECTED] wrote:
> Hello list,
>
> I'd like to do more in my application on verifying the SSL certificates
> used. I'm finding that if I change my private key, but don't alter the
> ASN1 structure, then this fact isn't detected until later when I try to
> do an actual SSL handshake.
>
> Is there any way to do this as part of my program starting up? That way I
> can tell the user and stop the program straight away.
>
> Thanks for any help,
SSL_CTX_check_private_key(3)

SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into ctx. If more than one key/certificate pair (RSA/DSA) is installed, the last item installed will be checked. If e.g. the last item was an RSA certificate or key, the RSA key/certificate pair will be checked.

SSL_check_private_key() performs the same check for ssl. If no key/certificate was explicitly added for this ssl, the last item added into ctx will be checked.

Sample call sequence:

    if (SSL_CTX_use_certificate_chain_file(...) <= 0) { /* error */ }
    if (SSL_CTX_use_PrivateKey_file(...) <= 0) { /* error */ }
    if (!SSL_CTX_check_private_key(...)) { /* error */ }

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
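The same consistency check done outside the program, for instance in a launcher script or a deployment pre-flight, as an added example that is not part of the thread and not OpenSSL's own code. It reduces both the certificate and the private key to their PEM-encoded SubjectPublicKeyInfo and compares the two, which is what the poster's "changed key, same ASN.1 shape" case fails. It assumes an openssl command-line binary (1.0.0 or later, so that pkey and genpkey exist) on PATH; the file names are illustrative and all key material is generated on the fly for the demonstration. Inside the program itself the SSL_CTX_check_private_key() call quoted above remains the right tool; this script only shows the check that call performs.

```shell
#!/bin/sh
# Added example, not from the thread: certificate/private-key consistency
# check at start-up using the openssl command-line tool, mirroring what
# SSL_CTX_check_private_key() does inside an OpenSSL program.
# Assumptions: `openssl` (1.0.0+) on PATH; file names are illustrative;
# all key material below is constructed here for the demo.
set -e

# cert_key_match CERT KEY
# Returns 0 when KEY is the private half of the public key in CERT.
# Both sides are reduced to the PEM SubjectPublicKeyInfo, so the comparison
# is not tied to RSA and does not depend on any other certificate field.
cert_key_match() {
    cert_spki=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_spki=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_spki" ] && [ "$cert_spki" = "$key_spki" ]
}

# startup_check CERT KEY
# Report the result and refuse to continue on a mismatch, which is what the
# original poster wanted to happen before any handshake is attempted.
startup_check() {
    if cert_key_match "$1" "$2"; then
        echo "ok: $2 is the private key for $1"
        return 0
    fi
    echo "error: $2 does not match the certificate in $1; refusing to start" >&2
    return 1
}

# make_demo_material DIR
# Constructed test data: server.key/server.crt are a matching pair; other.key
# is a second RSA key of the same size, i.e. the same ASN.1 structure but the
# wrong key, exactly the situation described in the question.
make_demo_material() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/server.key" 2>/dev/null
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=example.test" \
        -days 1 -out "$1/server.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_material "$demo_dir"

# Matching pair: passes.
startup_check "$demo_dir/server.crt" "$demo_dir/server.key"

# Swapped key with identical structure: must be caught here, not in the handshake.
if startup_check "$demo_dir/server.crt" "$demo_dir/other.key" 2>/dev/null; then
    echo "unexpected: swapped key was not detected" >&2
    exit 1
fi
echo "swapped key detected before any handshake"
```

The comparison is on the public key only, so it also catches a key file that is not a key at all (openssl pkey fails and the function returns non-zero) and a certificate file handed in as the key. It does not verify the certificate chain or expiry; those are separate checks that SSL_CTX_check_private_key() does not perform either.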