On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote:
> self reply :-)
>
> I've added a callback function like this
>
> static int cb(int ok, X509_STORE_CTX *ctx){
> char buf[256];
>
> X509_NAME_oneline(
> X509_get_subject_name(ctx->current_cert),buf,256);
> printf("%s\n",buf);
> printf("error %d at %d depth lookup:%s\n",ctx->error,
> ctx->error_depth,
> X509_verify_cert_error_string(ctx->error));
>
> /* Continue even if self signed */
> if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
>
> ERR_clear_error();
>
> return(ok);
> }
>
One mistake is here even if there were not compilation error
> and also add this line to the main
> X509_STORE_set_verify_cb_func(&ca_ctx,cb);
>
the correct code block is :
...
/* load CA cert store */
if (!(CAcerts = X509_STORE_new())) {
printf ("\nError1\n");
}
---> X509_STORE_set_verify_cb_func(CAcerts,cb);
...
> but the result is always the same :
>
Not always the boring "Verification error: certificate signature
failure"
But a new strange error :
/C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED]
error 7 at 1 depth lookup:certificate signature failure
Verification error: 0
I've tried to find any kind of reference for this kind of error but
google returns not a very good help.
In various forum/mailing list this is _classified_ as *quite strange*
error ... is it possible ?
Thanks in advance,
Flt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
