Kaidul

Reputation: 15905

How to compare two OpenSSL X509 certificate objects in C++

I have two X509 objects

```cpp
X509 *cert1;
X509 *cert2;
```

How do I determine whether these two certificates are the same or different? Which properties are identical for two identical certificates?

Upvotes: 3

Views: 3241

Answers (1)

Kaidul

Reputation: 15905

X509_cmp(const X509 *a, const X509 *b) is perfect for byte-by-byte comparison of the SHA-1 hashes of two certificates. So @AlexBezuglyi is 100% correct. But actually I intended (but couldn't express in this question) to verify whether the server certificate is signed by the root certificate (the trusted CA-signed certificate).

Using X509_verify

The signature of X509_verify is:

```cpp
int X509_verify(X509 *x509, EVP_PKEY *pkey);
```

Suppose you have the root certificate in root and the server certificate in cert:

```cpp
X509 *root;
X509 *cert;

// Get local certificate into root
// Get server certificate into cert

// Get the public key.
EVP_PKEY *pubkey = X509_get_pubkey(root);

// Verify. A result of 0 or less means not verified or some error.
int result = X509_verify(cert, pubkey);

// Free the public key.
EVP_PKEY_free(pubkey);
```

Upvotes: 4
