|
Hi all, I am trying to verify a certificate and provide the possibility to directly trust an intermediate CA's certificate (not self-signed). After setting up the STORE and STORE_CTX and add the intermediate CA to the trusted certificates, when I use the "X509_verify_cert(ctx)" I get the usual "unable to get issuer certificate" - which would be fine for a "non-trusted" cert, but I would expect that to not be an issue for a trusted certificate. Therefore, my question is what is the best method to have that behavior ? I tried to use the certificate callback to do that, but there is no function to get the trusted certificates' stack (i.e., there is a X509_STORE_CTX_get0_untrusted() but there is no equivalent for the trusted certificates' stack) - so I could not verify if the current certificate (in the verify callback call) is in the trusted stack or not... Maybe there are flags / trust settings that can be used instead ? Cheers, --
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director  |
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
