X509_build_chain() - Re: Request for Openssl APIs to be used to sort the certificate chain
Brahmaji K
brahmaji.k at gmail.com
Tue Oct 10 04:32:38 UTC 2023
Thanks a lot Viktor and David for your answers.
On Tue, Oct 10, 2023 at 1:32 AM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:
> On Mon, Oct 09, 2023 at 09:45:35PM +0530, Brahmaji K wrote:
>
> > If I got the certificate chain out of order [...], then is there a
> > direct way (i.e., with[out?] any openssl API(s)), we can create the
> > certificates chain in the correct order as - Cert 4 || Cert 3 || Cert
> > 2 || Cert 1?
>
> It seems, you're looking for a CLI feature, that would not require
> writing code. That's a missing feature of the openssl-verify(1)
> command. It has a `-show_certs` option that prints just the
> distinguished names of the certificates in constructed chain,
> but has no `-print_certs` function that would instead just
> output the constructed chain.
>
> This would make a good entry-level contribution to the OpenSSL project.
>
> --
> Viktor.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231010/bd5d6f5e/attachment-0001.htm>
More information about the openssl-users
mailing list