Hi Mayur, You can create a file where you may concatenate all your trusted certificates in PEM format and use that file for verification. Another way is to store your trusted certificates in PEM format in filesystem and create a folder from where you create symbolic links to every certificate. The symbolic link name should be named as <HASH>.0. <HASH> can be obtained from the certificate using -hash option like: openssl x509 -in root.cer -hash
If you need CRL checking the same procedure can be applied with the exception that the symbolic link name has to be <HASH>.r0. Regards, Ciprian On Fri, Jul 15, 2011 at 3:01 PM, Mayur Premi <premi.ma...@gmail.com> wrote: > Hi , > I am using openssl for signature verification of the files in my > application. > For supporting multiple root certificates , Is there a db or storage > area[file] which openssl searches > while finding the root of the passed input certificates ? > > I am using X509_Verify_cert api of openssl to verify certificates. > > The scenario is as below : > Say I have 2 certificates A and B in my application , A's Issuer is B and B > 's issuer is C. > Here C is the [self signed] root certificate. Can I store C somewhere in > openssl and find it > to complete the chain A-->B-->C > > Regards, > Mayur