Tags: c++, openssl, x509certificate, x509

Verify a certificate chain in STACK_OF(X509)


So I have a certificate chain stored in STACK_OF(X509). This is what I did with it:

#include <iostream>
#include <openssl/ssl.h>
#include <openssl/x509_vfy.h>

// Chain as sent by the peer: leaf first, then intermediates (no trust anchor)
STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);

X509_STORE_CTX* newCert = X509_STORE_CTX_new();
if(newCert){
    // Only the untrusted chain is supplied: no store, no target cert, no X509_STORE_CTX_init
    X509_STORE_CTX_set_chain(newCert, chain);
    std::cout << X509_verify_cert(newCert) << std::endl;
    std::cout << "ERROR : " << X509_STORE_CTX_get_error(newCert) << std::endl;
    X509_STORE_CTX_free(newCert);
}

The issue is that X509_verify_cert(newCert) returns -1, meaning the initialization of the X509_STORE_CTX was not done properly. What am I missing?


Solution

  • I guess this is related to Use of STACK_OF(X509).

    You shouldn't copy only half of the source code at apps/verify.c. If you look deeper, you will find, among other lines,

     if(!X509_STORE_CTX_init(csc,ctx,x,uchain))