How to verify SSL certificate chain - M2Crypto library?




Is there any simple way to do SSL certificate chain validation using
M2Crypto or any other library?

Basically what I want to achieve is to be able to say if the certificate
chain contained in the 'XYZ.pem' file is issued by a known CA (the list of
common root CAs' certs should be loaded from a separate directory).
Right now I do it by spawning the command 'openssl verify -CApath
<ca_certs_path> XYZ.pem' and it works. However I think that there must
be a simpler way.

I've spent the last few hours trying to go through the M2Crypto sources and
API "documentation" but the only possible way that I've found is
spawning a separate server thread listening on some port, and connecting
just to verify if the cert chain is valid, but going this way is at least
not right. The other approach which I've tried is using the low-level
function m2.X509_verify() but it does not work as I expect. It returns
0 (which means valid) even if the CA certificate is not known.

Any suggestions / tips?

Marek Skrobacki
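
One way to run the check described in the question in-process instead of spawning `openssl verify`, as an added example that is not part of the original post. It assumes the pyOpenSSL package rather than M2Crypto and a CA directory laid out the way `-CApath` expects; the helper names are hypothetical.

```python
import re
from OpenSSL import crypto  # pyOpenSSL; assumed to be installed

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def split_pem(pem_bytes):
    """Return every certificate found in a PEM bundle, in file order."""
    return [crypto.load_certificate(crypto.FILETYPE_PEM, block)
            for block in PEM_CERT.findall(pem_bytes)]


def hashed_name(cert):
    """File name OpenSSL looks up for this cert in a -CApath style directory."""
    return "%08x.0" % cert.subject_name_hash()


def verify_chain(pem_bytes, capath):
    """Check that the first cert in pem_bytes chains to a CA stored in capath.

    Certificates after the first one are passed as *untrusted* intermediates:
    they may help build the path but can never act as trust anchors. Only
    the hashed files in capath are trusted.
    Returns (True, "") on success or (False, reason) on failure.
    """
    certs = split_pem(pem_bytes)
    if not certs:
        return False, "no certificate found in input"
    leaf, untrusted = certs[0], certs[1:]

    store = crypto.X509Store()
    store.load_locations(None, capath)  # trust anchors come only from capath

    ctx = crypto.X509StoreContext(store, leaf, chain=untrusted or None)
    try:
        ctx.verify_certificate()  # builds the path and checks signatures and validity dates
    except crypto.X509StoreContextError as exc:
        return False, str(exc)
    return True, ""
```

This only establishes that the chain leads to a trusted root; it does not check host names or revocation.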

