Hi, Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your main and the certificate verification will be OK.
Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > > Hi, I'm a newbie user of OpenSSL. > I want to create a simple C program that verify a certificate chain like > this: > rootCA->CA-A->client > > i found this example on the internet that should work for two consecutive > certificate (but it doesn't work for me); i don't known how to create the > chain... > > [code] > #include <openssl/pem.h> > #include <openssl/x509_vfy.h> > #include <openssl/x509.h> > #include <openssl/ssl.h> > #include <openssl/x509v3.h> > > int main(int argc,char **argv) > { > > int i; > FILE *fp; > X509 * cert; > X509_STORE_CTX csc; > char *strerr; > > fp = fopen ("ca-a-cert.pem", "r"); > cert = PEM_read_X509 (fp, NULL, NULL, NULL); > > X509_STORE *ctx=NULL; > ctx=X509_STORE_new(); > X509_STORE_load_locations(ctx, "cacert.pem", "./"); > > X509_STORE_set_default_paths(ctx); > > X509_STORE_CTX_init(&csc,ctx,cert,NULL); > > if (X509_verify_cert(&csc) != 1) { > strerr = (char *) X509_verify_cert_error_string(csc.error); > printf("Verification error: %s\n", strerr); > return 1; > } > X509_STORE_CTX_cleanup(&csc); > > } > [/code] > > the output is: Verification error: certificate signature failure > > "cacert.pem" is the certificate of the rootCA, whereas "ca-a-cert.pem" is > the CA-A cert. > > the certificate are good because i verify it by the bash command: openssl > verify -CAfile cacert.pem ca-a-cert.pem > > with output: > ca-a-cert.pem: OK > > any suggestion? > > p.s. sorry for my bad English :) > -- > View this message in context: > http://old.nabble.com/verify-certificate-in-c-tp29043989p29043989.html > Sent from the OpenSSL - User mailing list archive at Nabble.com. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
