[openssl-users] [openssl-dev] X509_verify() error - block type is not 01

Nayna Jain naynjain at in.ibm.com
Mon Jun 22 03:27:08 UTC 2015

OK.. I think I understood this API wrongly then.

What will X509_verify() will verify if I pass it public key.

I mean in place of private key , if I try to match the public key than
rather than doing keys comparision, will passing the public key to this
API, help ?

I mean does it check the private key with which certificate was signed, or
the public key which this certificate signs.

Sorry, I think I am still bit not clear on purpose of the API.

Thanks & Regards,
Nayna Jain

From:	Viktor Dukhovni <openssl-users at dukhovni.org>
To:	openssl-users at openssl.org, openssl-dev at openssl.org
Date:	06/22/2015 08:00 AM
Subject:	Re: [openssl-dev] [openssl-users] X509_verify() error - block
            type	is not 01
Sent by:	"openssl-dev" <openssl-dev-bounces at openssl.org>

On Mon, Jun 22, 2015 at 07:56:37AM +0530, Nayna Jain wrote:

> I want to match the certificate with the private key for whose public key
> that certificate is provided.

That's the subject key, and unless the certificate is self-signed,
the X509_verify() function is not the right interface.  You want
to extract the certificate's public key and compare it with the
key you have.  You can compare (memcmp()) the DER encoding of
the public key from the certificate with the DER encoding of
the desired key.

> If this verifies who signed the certificate, then how do I verify whether
> the certificate provided is for the private key which was generated,

You compare the keys, or the key fingerprints.

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150622/204524f4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150622/204524f4/attachment-0001.gif>

More information about the openssl-users mailing list