Question about SSL_CTX_load_verify_locations()

2011-06-13 Thread Yan, Bob
Hi,

I am using the "SSL_CTX_load_verify_locations(ssl_ctx, NULL, CApath)" function to 
load the CA certificates from the "CApath" directory. Since the certificates in 
CApath are only looked up when required, my question is: is there any OpenSSL 
function that can be used to load all trusted CA certificates from CApath before 
performing the verification of a peer certificate?

Thanks
Bob
__
OpenSSL Project              http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager       majord...@openssl.org


Re: Question about SSL_CTX_load_verify_locations

2002-09-24 Thread Xperex Tim

You need to call SSL_CTX_new() before using the context with 
SSL_CTX_load_verify_locations().


--- "Paul E. Bible" <[EMAIL PROTECTED]> wrote:
> Hi there,
> 
> I'm currently working on an application that uses SSL for its Internet 
> communications.  In this application, I am verifying the certificates 
> being used, which requires that I execute the 
> SSL_CTX_load_verify_locations() method as shown below:
> 
> #define CAFILE    "root.pem"
> #define CADIR     NULL
> #define CERTFILE  "server.pem"
> 
> SSL_CTX *setup_server_ctx()
> {
>   SSL_CTX *ctx;
> 
>   *if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1)
>     int_error("Error loading CA file and/or directory")*;
>   if (SSL_CTX_set_default_verify_paths(ctx) != 1)
>     int_error("Error loading default CA file and/or directory");
>   ctx = SSL_CTX_new(SSLv3_method());
>   if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1)
>     int_error("Error loading certificate from file");
>   if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
>     int_error("Error loading private key from file");
>   SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                      verify_callback);
>   SSL_CTX_set_verify_depth(ctx, 4);
> 
>   return ctx;
> }
> 
> 
> Unfortunately, when the program executes the SSL_CTX_load_verify_locations() method,
> a Segmentation Fault is signaled.  I have ensured that both the root.pem and server.pem
> certificates exist and they appear to be valid (i.e., I can view them using the
> openssl command line program).
> 
> My environment is Redhat Linux v7.3 with OpenSSL 0.9.6b-28.
> 
> Any thoughts and/or suggestions?!?!
> 
> Thank you in advance,
> Paul





Question about SSL_CTX_load_verify_locations

2002-09-23 Thread Paul E. Bible

Hi there,

I'm currently working on an application that uses SSL for its Internet 
communications.  In this application, I am verifying the certificates 
being used, which requires that I execute the 
SSL_CTX_load_verify_locations() method as shown below:

#define CAFILE    "root.pem"
#define CADIR     NULL
#define CERTFILE  "server.pem"

SSL_CTX *setup_server_ctx()
{
    SSL_CTX *ctx;

    *if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1)
        int_error("Error loading CA file and/or directory")*;
    if (SSL_CTX_set_default_verify_paths(ctx) != 1)
        int_error("Error loading default CA file and/or directory");
    ctx = SSL_CTX_new(SSLv3_method());
    if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1)
        int_error("Error loading certificate from file");
    if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
        int_error("Error loading private key from file");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                       verify_callback);
    SSL_CTX_set_verify_depth(ctx, 4);

    return ctx;
}


Unfortunately, when the program executes the SSL_CTX_load_verify_locations() method, a 
Segmentation Fault is signaled.  I have ensured that both the root.pem and server.pem
certificates exist and they appear to be valid (i.e., I can view them using the openssl
command line program).

My environment is Redhat Linux v7.3 with OpenSSL 0.9.6b-28.

Any thoughts and/or suggestions?!?!

Thank you in advance,
Paul

