On 08/23/2010 06:19 PM, Bram Cymet wrote:
Hi,
Does any know of what would cause ctx->error to be set to 0 (X509_V_OK
) with a call to x509_verify_cert() that should result in
X509_V_ERR_UNABLE_TO_GET_CRL.
From the OpenSSL Source (x509_vfy.h) it looks like that would mean
there were uninitialized values but is there anyway for me to figure
out what these values are?
Thanks,
After a little more experimentation I have found that if I run
x509_verify_cert() twice in a row with the same CTX everything works the
way it is supposed to. The first time it returns 0 and CTX->current_cert
is set to NULL. Then after it is run a second time the error is 3
(X509_V_ERR_UNABLE_TO_GET_CRL) and current cert set to something valid.
Any idea what would cause this behavior? Could the application
(kerberos) be setting up something wrong? Could there be something wrong
with my certs?
I am fairly sure that there is nothing wrong with my certs as I can run
the validation just fine with the openssl command line tools.
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
