X509_build_chain() - Re: Request for Openssl APIs to be used to sort the certificate chain
David von Oheimb
David.von.Oheimb at siemens.com
Mon Oct 9 13:31:45 UTC 2023
Hi Brahmaji,
what you mean by 'sorting' a cert chain - making sure they are in the
order of issuance, starting from a given target cert,
possibly assuming that the given list/set of certs is already known to
be complete w.r.t. the given target cert and some trust anchor?
What likely comes very close to what you asked for is the function
X509_build_chain() added in https://github.com/openssl/openssl/pull/14128.
You can call it, e.g., like this:
chain = X509_build_chain(target_cert, candidate_certs, NULL /*
truststore */, 1, NULL, NULL);
See https://www.openssl.org/docs/manmaster/man3/X509_build_chain.html
for its man page.
David
On 09.10.23 08:51, Brahmaji K wrote:
> Hi Team,
>
> Could you please help provide Openssl APIs (or list of APIs) to be
> used to sort the certificates used in the certificate chain?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231009/6899dc03/attachment.htm>
More information about the openssl-users
mailing list