I agree -- a lot of the advanced architectures I'm studying have
a trust root that is NOT self-signed, instead it is signed by
another certificate somewhere else. In a different verification
paradigm the certificate in question is NOT in fact a trust point
but instead is signed by a chain that
X509_verify_cert will construct the cert chain upto the ROOT CA and then
validates the chain and finally verify the self-certificate. What I
understand is that this function expects the ROOT CA to be
self-signed and
it MUST be present in the trusted list.
Right.
1. Is it MUST
On Tue, 16 Nov 2004, David Schwartz wrote:
X509_verify_cert will construct the cert chain upto the ROOT CA and then
validates the chain and finally verify the self-certificate. What I
understand is that this function expects the ROOT CA to be
self-signed and
it MUST be present in
Hi all,
I hava a doubt regarding X509_verify_cert.
What I understand from the documentation of verify is that we need to
pass all the trusted certs and all the un-trusted certs.
X509_verify_cert will construct the cert chain upto the ROOT CA and then
validates the chain and finally verify the