[openssl-users] [openssl-dev] X509_verify() error - block type is not 01

Viktor Dukhovni openssl-users at dukhovni.org
Mon Jun 22 02:29:52 UTC 2015


On Mon, Jun 22, 2015 at 07:56:37AM +0530, Nayna Jain wrote:

> I want to match the certificate with the private key for whose public key
> that certificate is provided.

That's the subject key, and unless the certificate is self-signed,
the X509_verify() function is not the right interface.  You want
to extract the certificate's public key and compare it with the
key you have.  You can compare (memcmp()) the DER encoding of 
the public key from the certificate with the DER encoding of
the desired key.

> If this verifies who signed the certificate, then how do I verify whether
> the certificate provided is for the private key which was generated,

You compare the keys, or the key fingerprints.

-- 
	Viktor.


More information about the openssl-users mailing list