Hi Ciprian, Thanks for the immediate reply . I have some questions on both the approaches suggested.
You can create a file where you may concatenate all your trusted certificates in PEM format and use that file for verification. [Mayur]--- Is there any openSSL api which helps parsing this file[say myStorageFile] which has all my root certificates in it. ? Also my intention as mentioned in the scenario in previous mail is that I ll be passing a chain A -->B and would like to find C [self signed ,root certificate] from myStorageFile .* * Another way is to store your trusted certificates in PEM format in filesystem and create a folder from where you create symbolic links to every certificate. The symbolic link name should be named as <HASH>.0. <HASH> can be obtained from the certificate using -hash option like: openssl x509 -in root.cer -hash [Mayur]----After storing links to my PEM format Certificate files how do I parse the folder having links to get root C for my chain A -->B ? Regards, Mayur On Fri, Jul 15, 2011 at 10:05 PM, Ciprian Pavel <ciprian.pa...@gmail.com>wrote: > Hi Mayur, > > You can create a file where you may concatenate all your trusted > certificates in PEM format and use that file for verification. > Another way is to store your trusted certificates in PEM format in > filesystem and create a folder from where you create symbolic links to every > certificate. The symbolic link name should be named as <HASH>.0. <HASH> can > be obtained from the certificate using -hash option like: > openssl x509 -in root.cer -hash > > If you need CRL checking the same procedure can be applied with the > exception that the symbolic link name has to be <HASH>.r0. > > > Regards, > Ciprian > > > On Fri, Jul 15, 2011 at 3:01 PM, Mayur Premi <premi.ma...@gmail.com>wrote: > >> Hi , >> I am using openssl for signature verification of the files in my >> application. >> For supporting multiple root certificates , Is there a db or storage >> area[file] which openssl searches >> while finding the root of the passed input certificates ? >> >> I am using X509_Verify_cert api of openssl to verify certificates. >> >> The scenario is as below : >> Say I have 2 certificates A and B in my application , A's Issuer is B and >> B 's issuer is C. >> Here C is the [self signed] root certificate. Can I store C somewhere in >> openssl and find it >> to complete the chain A-->B-->C >> >> Regards, >> Mayur > > >