[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: Validating Cert Chain
From:       Marek Marcola <Marek.Marcola () malkom ! pl>
Date:       2006-08-30 11:10:03
Message-ID: 1156936203.3360.46.camel () nx9010
[Download RAW message or body]

Hello,
> i have a question about this following method
> 
> int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
> 			 X509 *x509, STACK_OF(X509) *chain);
> 
> if i understand this correctly the argument 'x509' is the cert that u want 
> to be verified & the 'chain' is the chain of untrusted certificates(leading 
> up to a cert that is trusted or root, right ?).
> So i one calls X509_verify_cert(X509_STORE_CTX); it would verify the x509 
> cert specified as well as all the chain. is that correct ?
> also how do i get a STACK_OF(X509) from files containg pem certs ?
yes, look at function load_untrusted in OpenSSL apps/verify.c

Best regards,
-- 
Marek Marcola <Marek.Marcola@malkom.pl>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]