Verifies that an X.509 certificate (or X.509 certificate revocation list (CRL) or PKCS-10 certificate signing request (CSR)) has been signed by its issuer.
Public Declare Function X509_VerifyCert Lib "diCrPKI.dll" _
    (ByVal strCertToVerify As String, ByVal strIssuerCert As String, _
    ByVal nOptions As Long) As Long
nRet = X509_VerifyCert(strCertToVerify, strIssuerCert, nOptions)
szCertToVerify: String with the filename of the certificate to be verified.
szIssuerCert: String with the filename of the issuer's certificate.
nOptions: Long option flags: not used in this release. Specify zero.
long _stdcall X509_VerifyCert(const char *szCertToVerify, const char *szIssuerCert, long nOptions);
Long: If the certificate's signature is valid, the return value is
PKI_X509_VERIFY_SUCCESS (0);
if the certificate is otherwise of correct format but the validation fails, the return value is
PKI_X509_VERIFY_FAILURE (-1);
otherwise it returns a positive error code.
Note that the return value for success is zero, not "true".
The function verifies only that the certificate was signed by the owner of the public key in the issuer's certificate.
It does not check the validity dates of either
certificate (to do that use X509_CertIsValidNow).
Nor does it check whether the certificate has been revoked
(to do that use X509_CheckCertInCRL).
Only certificates signed with supported signature algorithms can be checked:
see Supported Algorithms.
The certificate file may be in binary BER/DER format or base64 PEM file format,
or may be passed in base64 representation or as a PEM string.
[New as of version 3.5] This function can also be used to verify that an X.509 Certificate Revocation List (CRL) or PKCS#10 Certificate Signing Request (CSR) has been signed by the owner of the issuer's certificate. Just pass the name of the file (or its PEM string form) as szCertToVerify.
This example verifies that the certificate myuser.cer has been signed by the owner of myca.cer.
    ' Returns 0 if OK, -1 if fails to validate, or +ve other error
    Dim nRet As Long
    nRet = X509_VerifyCert("C:\Test\myuser.cer", "C:\Test\myca.cer", 0)
    If nRet = 0 Then
        Debug.Print "Verification is OK"
    ElseIf nRet > 0 Then
        Debug.Print "Error: " & nRet & pkiGetLastError()
    Else
        Debug.Print "Cert not issued by this Issuer"
    End If
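Because a zero result here says nothing about validity dates or revocation, a caller normally chains the three functions named above and rejects on anything other than zero. The following is an added example, not code from the library's documentation: the Declare lines for X509_CertIsValidNow and X509_CheckCertInCRL, the assumption that both return zero on a pass, and the name CertRejectReason are assumptions to check against the declarations module shipped with the library.

```vb
Option Explicit
' X509_VerifyCert is declared as on this page. The next two Declare lines
' are ASSUMED parameter lists: confirm them before use.
Private Declare Function X509_VerifyCert Lib "diCrPKI.dll" _
    (ByVal strCertToVerify As String, ByVal strIssuerCert As String, _
    ByVal nOptions As Long) As Long
Private Declare Function X509_CertIsValidNow Lib "diCrPKI.dll" _
    (ByVal strCertFile As String, ByVal nOptions As Long) As Long
Private Declare Function X509_CheckCertInCRL Lib "diCrPKI.dll" _
    (ByVal strCertFile As String, ByVal strCrlFile As String, _
    ByVal strCRLIssuerCert As String, ByVal strDate As String, _
    ByVal nOptions As Long) As Long

' Hypothetical helper: returns "" if every check passes, otherwise the
' reason for rejection. Fails closed: only an explicit 0 counts as a pass,
' so a positive error code is never mistaken for "true".
Public Function CertRejectReason(strCert As String, strIssuer As String, _
    strCrl As String) As String
    Dim nRet As Long

    ' 1. Signature on the certificate: 0 = OK, -1 = not signed by issuer
    nRet = X509_VerifyCert(strCert, strIssuer, 0)
    If nRet = -1 Then CertRejectReason = "cert not signed by issuer": Exit Function
    If nRet <> 0 Then CertRejectReason = "cert verify error " & nRet: Exit Function

    ' 2. Validity dates of both certificates (not covered by step 1)
    If X509_CertIsValidNow(strCert, 0) <> 0 Then
        CertRejectReason = "cert not valid now": Exit Function
    End If
    If X509_CertIsValidNow(strIssuer, 0) <> 0 Then
        CertRejectReason = "issuer cert not valid now": Exit Function
    End If

    ' 3. The CRL must itself be signed by the issuer before it is trusted
    nRet = X509_VerifyCert(strCrl, strIssuer, 0)
    If nRet <> 0 Then CertRejectReason = "CRL signature check " & nRet: Exit Function

    ' 4. Revocation: assumed to return 0 only if the cert is NOT in the CRL
    nRet = X509_CheckCertInCRL(strCert, strCrl, strIssuer, "", 0)
    If nRet <> 0 Then CertRejectReason = "revoked or CRL error " & nRet: Exit Function

    CertRejectReason = ""
End Function
```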
See also: X509_CertIsValidNow, X509_CertThumb