Hi,
I'm trying to verify a certificate-chain including CRLs.
To do this I'm pushing all certs (of the type X509)
on a STACK_OF(X509) by sk_X509_push(cert_stack, current_cert);
the trusted root-CA-cert is in CA_DIR
The following code is working fine (in the non-reduced version ;-) ),
but I have
Hi,
how can I verify multiple single DER-encoded certificates which I
receive from a gateway and which represent a cert-chain altogether.
I think this should be done like this (PseudoCode):
foreach (cert from chain)
check, if it was signed by the CA of the previous cert
Check if one of the
Nils Larsch wrote:
Andreas Hoffmann wrote:
...
md_ctx = EVP_MD_CTX_create();
EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL );
EVP_VerifyUpdate(md_ctx, data, data_length);
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
if (sig_err == -1) {
printf(An error occured while
The signature contains the value which is extracted from the
socket-datastream and is 128 bytes (1024 bit) long.
What is in a signature in DER format? - Is it just the signature itself
or is there additional information?
What do the error-messages mean -
- Is there some problem while verifying
make this test to see exactly what you have as
errors.
if (err != 1) {
ERR_print_errors_fp (stderr);
exit (1);
}
Abdou,
That's almost exactly how I got the errors
I did:
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
printf(Signature-Verification:
To see the format used you can do:
openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
and post the result. Also try it with the -asn1parse option instead of
-hexdump.
# openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -asn1parse
Error in encoding
Hi
I want to obtain the errors that I have, and I use the function
ERR_print_errors_fp().
But this gives an empty file. And I have errors ...
My code:
ERR_load_crypto_strings();
fp = fopen(fileError, "w");
ERR_print_errors_fp(fp);
fclose(fp);
Have you tried to direct the errors to stderr? using:
Hi,
I'm trying to verify a signature using the following code:
BIO* cert_bio;
X509 *cert;
X509 * x509;
EVP_PKEY * pkey;
EVP_MD_CTX *md_ctx;
int sig_err;
cert_bio = BIO_new_file("vpn_test_konz.pem", "r");
if (cert_bio == NULL) {
printf("error reading PEM-file\n");
exit(1);
}
cert =