[openssl-users] OCSP_basic_verify certs

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Fri May 6 13:47:46 UTC 2016


I am implementing the OCSP for my application. Have a doubt on the
'certs' argument for the API "OCSP_basic_verify":

int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                                X509_STORE *st, unsigned long flags);

Here the second argument 'certs'. I understand we need to push the
below to this STACK_OF(X509):

1) Issuer certificate
2) Signature CA certificates - to support trusted responder model

I have multiple signature CA certificates as individual PEM format
files (say 5 PEM files), inside a directory (say

How can i push all these 5 signature CA certs to this STACK_OF (X509)
using sk_X509_push ?

Any openSSL library API is there to push all files from a directory to
this STACK_OF(X509) ?

Thanks & Regards,
Murugesh P.

More information about the openssl-users mailing list