Re: X509_build_chain() - Re: Request for Openssl APIs to be used to sort the certificate chain

Hi David,

Thanks a lot for your reply,

I'll provide more details of my question:
Let's assume I have 4 certs called Cert 1, Cert 2, Cert 3 and Cert 4, where Cert 1 is a root cert. Assume the correct cert chain is - Cert 4 || Cert 3 || Cert 2 || Cert 1 (here Cert 3 signed Cert 4, Cert 2 signed Cert 3, and Cert 2 is signed by the root cert, i.e., Cert 1). If I got the certificate chain out of order in a single file as - Cert 3 || Cert 2 || Cert 1 || Cert 4, then is there a direct way (i.e., with any OpenSSL API(s)) to create the certificate chain in the correct order as - Cert 4 || Cert 3 || Cert 2 || Cert 1?

As you mentioned, I'll try X509_build_chain() and update the result.

Regards,
Brahmaji K


On Mon, Oct 9, 2023 at 7:02 PM David von Oheimb via openssl-users <openssl-users@xxxxxxxxxxx> wrote:

Hi Brahmaji,

what do you mean by 'sorting' a cert chain - making sure they are in the order of issuance, starting from a given target cert,
possibly assuming that the given list/set of certs is already known to be complete w.r.t. the given target cert and some trust anchor?

What likely comes very close to what you asked for is the function X509_build_chain() added in https://github.com/openssl/openssl/pull/14128.
You can call it, e.g., like this:

chain = X509_build_chain(target_cert, candidate_certs, NULL /* truststore */, 1, NULL, NULL);


See https://www.openssl.org/docs/manmaster/man3/X509_build_chain.html for its man page.

    David


On 09.10.23 08:51, Brahmaji K wrote:
Hi Team,

Could you please help provide OpenSSL APIs (or list of APIs) to be used to sort the certificates used in the certificate chain?
