Certificate Chain Verify Error

Hi Nicholas,

Could not calling OpenSSL_add_all_algorithms(); at the beginning cause it?

Cheers,
Frank

> Nicholas Mainardi <mailto:mainardinicholas at gmail.com>
> Monday, February 01, 2016 8:57 PM
> I wrote this small program which takes as input X509 certificates,
> base64-encoded, parses them and builds a certificate chain, which is
> eventually verified by |X509_verify_cert()|. The last certificate is
> added to the trusted store if it's self-signed, in order to avoid
> OpenSSL policy about self-signed certificates, as it's recommended in
> this post
> <https://zakird.com/2013/10/13/certificate-parsing-with-openssl/>. The
> code is at this pastebin link <http://pastebin.com/2N2DSxbe>.
>
> However, when I run this with a correct certificate chain (Facebook
> one, already tested with other libraries), I got error 7, certificate
> signature validation, at depth 1. The certificate chain is composed of
> server certificate, CA certificate and a self-signed root certificate,
> which is also in the trusted system store. Hence, it seems that the
> public key of the self-signed root certificate is not correctly used
> to verify the signature on the CA certificate. Moreover, I compiled the
> same source but linking boringSSL crypto library instead of OpenSSL
> one, and everything works perfectly. Hence, my hypothesis is that this
> is an OpenSSL issue found by Google and fixed in BoringSSL, but it has
> not been fixed in OpenSSL yet. So, I would like to know if I'm missing
> some steps in order to properly use |X509_verify_cert()| method, or my
> hypothesis about BoringSSL fixing could be appropriate.
>
> Thank You,
>
> Nicholas

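An added illustration, not part of either message and not the poster's program: the script below uses the `openssl` command-line tool to show the step described in the quoted message, where the self-signed root has to be in the trusted store for a server / CA / root chain to verify. All certificates, subject names and file names are constructed for the example; it reproduces the self-signed-root policy (error 19), not the error 7 reported in the thread.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed.
workdir=$(mktemp -d) && cd "$workdir" || exit 1
trap 'rm -rf "$workdir"' EXIT

# issue NAME SUBJECT EXTFILE SIGNING-OPTIONS...
# Creates NAME.key and NAME.pem; the signing options choose the issuer.
issue() {
    name=$1 subj=$2 ext=$3; shift 3
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$name.csr" -days 2 -extfile "$ext" "$@" \
        -out "$name.pem" 2>/dev/null
}

# verify_leaf trusted|untrusted
# Prints openssl's verdict on leaf.pem. "trusted" puts the self-signed root
# in the trust store; "untrusted" only offers it for chain building.
verify_leaf() {
    if [ "$1" = trusted ]; then
        openssl verify -CAfile root.pem -untrusted ca.pem leaf.pem 2>&1
    else
        cat ca.pem root.pem > untrusted.pem
        openssl verify -untrusted untrusted.pem leaf.pem 2>&1
    fi
}

# Build the chain: self-signed root -> intermediate CA -> server certificate.
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'basicConstraints=CA:FALSE\n' > leaf.ext
issue root '/CN=Example Root' ca.ext -signkey root.key || exit 1
issue ca '/CN=Example Intermediate CA' ca.ext \
    -CA root.pem -CAkey root.key -CAcreateserial || exit 1
issue leaf '/CN=www.example.test' leaf.ext \
    -CA ca.pem -CAkey ca.key -CAcreateserial || exit 1

echo '== root supplied only as an untrusted certificate =='
verify_leaf untrusted || true   # a non-zero exit status is expected here
echo '== root placed in the trusted store =='
verify_leaf trusted
```

Running the same comparison on the real chain with `openssl verify` separates a problem in the certificates from a problem in the calling program.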

