How to verify a X509 certificate in C

Question

I have a certificate in X509 format. this a input parameters in a function. What I would like to do is to verify the validity of the certificate. How can it be done?

Answer 1

To verify a certificate signature, you need the public key of an issuer certificate. This issuer certificate's signature is verified with another issuing certificate (or trusted root certificate). Thus if a certificate's signature verifies all the way up a chain to a trusted root, then that certificate is considered trusted.

Self-signed certificates' signatures are verified using their own public key, like the example below:

int verify_cert(const char* pem_c_str)
{
    BIO *bio_mem = BIO_new(BIO_s_mem());
    BIO_puts(bio_mem, pem_c_str);
    X509 * x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);

    EVP_PKEY *pkey=X509_get_pubkey(x509);
    int r= X509_verify(x509, pkey);
    EVP_PKEY_free(pkey);

    BIO_free(bio_mem);
    X509_free(x509);
    return r;
}

from: http://www.zedwood.com/article/openssl-c-verify-self-signed-certificate-signature