Re: How to prove a Certificate is Signed or not

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On May 3, 2018, at 3:06 AM, Anil kumar Reddy <morthalaanilreddy@xxxxxxxxx> wrote:
> 
> The issue is:
> I am unable to find out the exact command lines or c/c++ program functions to prove the SignedCertificate.pem is signed or not. I have spent more than one day on researching, but I am end up with confusion. I do not have any digital certificate chain. 

To verify the signature on a single certificate using a known issuer
public key you call:

	X509_verify(X509 *cert, EVP_PKEY *pkey)

with return values <= 0 indicating failure.  To verify a certificate
chain against a set of trust anchors you call:

	X509_verify_cert(X509_STORE_CTX *ctx)

where "ctx" is populated with the certificate chain, trust anchors,
CRLs, verification parameters, including some types of subject names
to check...  This is what most applications use to check that something
is signed by a trusted certificate with the right identity and purpose.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux