[英]Verify a certificate chain in STACK_OF(X509)
So I have a certificate chain stored in STACK_OF(X509). 所以我有一个存储在STACK_OF(X509)中的证书链。 This is what I did with it :
这就是我用它做的:
STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
X509_STORE_CTX* newCert = X509_STORE_CTX_new();
if(newCert){
X509_STORE_CTX_set_chain(newCert, chain);
std::cout << X509_verify_cert(newCert) << std::endl;
}
std::cout << "ERROR : " << X509_STORE_CTX_get_error(newCert) << std::endl;
The issue is that the X509_verify_cert(newCert)
returns -1 meaning the initialization of the X509_STORE_CTX
was not down properly. 问题是
X509_verify_cert(newCert)
返回-1表示X509_STORE_CTX
的初始化未正确关闭。 What am I missing? 我错过了什么?
I guess, this is related to Use of STACK_OF(X509) . 我想,这与使用STACK_OF(X509)有关 。
You shouldn't copy only half of the source code at apps/verify.c . 您不应该只复制apps / verify.c中的一半源代码。 If you look deeper, you will find, among other lines,
如果你看得更深,你会发现,除了其他线,
286 if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.