1 (edited by courtneyendic735 2025-01-17 03:07:16)

Topic: How to verify a certificate chain using WolfSSL

Hello,
Assuming we have a certificate chain A->B->C with a depth of 3, where A is the root certificate.

At present, it appears that the WolfSSL command line supports verifying a certificate chain with a maximum depth of 2. Namely either:

wolfssl verify -CAfile A.crt B.crt
or
wolfssl verify -CAfile B.crt -partial_chain C.crt
But if I want to validate the complete A->B->C certificate chain at once, how should I do it? If it is indeed not possible to do this from the command line, could anyone share a code snippet using WolfSSL to accomplish this? Thanks a lot.


Re: How to verify a certificate chain using WolfSSL

Hello courtneyendic735,

My name is Anthony and I am a member of the wolfSSL team.

We've actually noticed the same problem earlier and are looking into a fix.  Currently, we have 2 solutions.

- Please have a look at https://github.com/wolfSSL/wolfCLU/pull/159. This is not a long-term fix as it has side effects when doing OCSP and CRL verifications. I am currently looking into improving this PR. Stay tuned and monitor that PR please.
- Please have a look at https://github.com/wolfSSL/wolfssl-exam … ertmanager. This example will verify the chain as you described.

Here at wolfSSL we love it when people use our product.  Can you let us know a bit about yourself and your project?  For example:

- Where are you geographically located?
- What are your goals?
- Is this out of professional, academic or personal interest?
- Is there an institution associated with this effort?
- Any other information you care to share.

If you would like to share this information confidentially, you can send it to me via email at anthony@wolfssl.com.

Thanks and let me know if my suggestions help.

Warm regards, Anthony
