X509_build_chain() - Re: Request for Openssl APIs to be used to sort the certificate chain
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Oct 9 16:38:05 UTC 2023
On Mon, Oct 09, 2023 at 09:45:35PM +0530, Brahmaji K wrote:
> If I got the certificate chain out of order [...], then is there a
> direct way (i.e., with[out?] any openssl API(s)), we can create the
> certificates chain in the correct order as - Cert 4 || Cert 3 || Cert
> 2 || Cert 1?
It seems, you're looking for a CLI feature, that would not require
writing code. That's a missing feature of the openssl-verify(1)
command. It has a `-show_certs` option that prints just the
distinguished names of the certificates in constructed chain,
but has no `-print_certs` function that would instead just
output the constructed chain.
This would make a good entry-level contribution to the OpenSSL project.
--
Viktor.
More information about the openssl-users
mailing list