Reputation: 5069
I have a file carved out from a pcap (SSL server certificate). It's a binary file with two certificates in it (the certificate for the server and the certificate for the CA). Each certificate is prefixed by a 3-byte length field indicating the length of the certificate (in big-endian format).
What I want to find is, if it's possible to use "openssl verify" command to verify that the server certificate can be verified against the CA.
UPDATE1
I have never used "openssl verify", but it appears to be the right tool for it. According to the manual page, it appears it takes input in the PEM format with the -untrusted file parameter. Just want to confirm it here. Wish it could take an input file in the binary format I described; that would make it easier to work with Wireshark.
Upvotes: 1
Views: 52
Reputation: 38930
Instead of the "Certificates" (plural) object in Wireshark, extract each "Certificate" object separately, without the 3-byte "Certificate Length" prepended by the TLS wire format; let's call them first.der and second.der. On each file do openssl x509 -inform der -in whichever.der -out whichever.pem. (You can add -outform pem if you want but don't need to because it's the default.) Then openssl verify -untrusted second.pem first.pem.
Note: if this cert chain is under a root not in the default truststore for your build of OpenSSL, you need to get the root (in PEM format) and either add it to the truststore or specify it explicitly with -CAfile.
Upvotes: 1