[openssl-users] Why can not get certificate chain if certificate expire

Jerry OELoo oyljerry at gmail.com
Wed Dec 17 08:08:24 UTC 2014


Hi All:
I am using openssl api to get website's certificate chain. Now, For
normal website, it works fine.
Now I encounter a website which certificate is expire,
https://soknad.sparebank1.no

I use X509_STORE_CTX_get1_chain() to get certificate chain, and from
online help (https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_verify_callback.html)
I use callback to always return 1
SSL_CTX_set_cert_verify_callback(ctx, client_cert_verify_cb, NULL);

But I find that I can only get website certificate, I could not get
its' issuer "VeriSign Class 3 Extended Validation SSL SGC CA", and
root CA "VeriSign Class 3 Public Primary Certification Authority - G5"

Now I want to get full certificate chain, How can I get it?

-- 
Rejoice,I Desire!


More information about the openssl-users mailing list