Problems with X509_verify_cert and 0.9.8

Jeff Davey
I'm having a very peculiar problem.

I'm doing the following to verify that this cert is signed by our root
certificate, and that it's a valid cert:

X509_STORE *store = X509_STORE_new();

if (store) {
    X509_STORE_set_verify_cb_func(store, _glicVerificationCallback);

    // load the CACert
    X509 *caCert = X509_new();
    if (caCert) {
        unsigned char *caDERPtr = &subCACert[0]; // subCACert is our public root certificate
        if (d2i_X509(&caCert, &caDERPtr, CACERTLENGTH)) {
            if (X509_STORE_add_cert(store, caCert)) {
                X509_STORE_CTX *verifyCTX = X509_STORE_CTX_new();
                if (verifyCTX && X509_STORE_CTX_init(verifyCTX, store, licenseCert, NULL)) { // licenseCert is passed in
                    if (X509_verify_cert(verifyCTX)) {
                        // yay :)
                    } else {
                        // nay :(
                    }
                }
            }
        }
    }
}


Now what's strange is that this works (I get a yay :)) on two of the three platforms we support, using the same cert, of course.

Specifically, it works on x86-64 and Netware.
Specifically, it DOES NOT work on x86. (I get a nay :()

The error it returns is: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT

This also works fine on ALL THREE platforms (x86-64, Netware, x86) using 0.9.7g.

Any ideas?

OpenSSL Project                       
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]