Re: trust chain building for X509_verify_cert

Wed, 06 Jun 2012 22:32:18 -0700 


His code WORKS fine with OpenSSL library initialization. I checked.
The verification failed because OpenSSL couldn’t find digest algorithm.
Special error checking isn't needed now, the reason is the absence of 
OpenSSL_add_all_algorithms function or similar.

-------------------------------------------------------------------------------------------
From: Dave Thompson
Sent: Thursday, June 07, 2012 5:43 AM
To: openssl-users@openssl.org
Cc: 'Alexander Kirschner'
Subject: RE: trust chain building for X509_verify_cert

From: owner-openssl-us...@openssl.org On Behalf Of Arthur Spitzer
Sent: Tuesday, 05 June, 2012 04:48



I need to verify a X.509 certificate against a self-signed X.509 CA,
both certificates are in PEM-format. Doing this on the command line
works so far: <snip>
Right now I am working on a small piece of code that is supposed to
do the same from C++ using the X509_verify_cert function.



The problem is: The verification always fails with error code 7

("signature invalid"). I already tried three different attempts

(documented in the attached cpp file) to build the trust chain,
with the same result.


verify error 7 isn't a chain building problem, it's an error
verifying the signature (on the cert, against the parent).

http://www.openssl.org/support/faq.html#PROG6 tells you to
do ERR_print_errors_fp (or equivalent) which says 0D0C50A1, and
http://www.openssl.org/support/faq.html#PROG7 tells you to
ERR_load_crypto_strings (or equivalent, e.g. for SSL apps use
SSL_load_error_strings) which says ...:unknown message digest algorithm
and http://www.openssl.org/support/faq.html#PROG8
tells you OpenSSL_add_all_algorithms (or equivalent).


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager majord...@openssl.org 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to