Archived Forum Post

Index of archived forum posts

Question:

Validate server certificates

Sep 24 '15 at 13:15

I'm using the C++ library version 9.5.0.40

I'm using the CkHttp component to send an http request using ssl connection. I set put_RequireSslCertVerify(true) to verify the server's certificates against root certificates contained in a PKCS12 truststore. The truststore seems to be valid since other applications are using it (google chrome, IE, and others). However CkCertStore doesn't load the file. The code i use to load the truststore is the following :

    CkCert* cert = NULL;
CkCertStore store;
CkTrustedRoots trustedRoots;

if(store.LoadPfxFile(trustestore, password))
{
    int count = store.get_NumCertificates();

    for(int i = 0; i < count; ++i)
    {
        cert = store.GetCertificate(i);
        if(cert)
        {
            trustedRoots.AddCert(*cert);

            delete cert;
        }
    }

    if(trustedRoots.Activate())
    {
        sucess = true;
    }
}

The password is valid and the error i get is the following :

ChilkatLog: LoadPfxFile: DllDate: Jul 15 2014 ChilkatVersion: 9.5.0.41 UnlockPrefix: NONE Username: POSTE1392:Laval Architecture: Little Endian; 32-bit Language: Visual C++ 11.0 (32-bit) VerboseLogging: 0 pfxPath: C:Temptruststore.p12 importPfxData: pkcs12_loadAndParseDer: loadAndParseDerInner: verifyHmacIntegrity: saltNumBytes: 8 saltBase64: sweGnMHf0hY= numIterations: 2048 macHashOid: 1.3.14.3.2.26 macStoredDigest: CB07 D527 E6BB 535F DF3D 9E5D A33B 29DC BD7B 0221 Failed to verify PFX HMAC with password. computedDigest: A312 79A6 45D9 7DF4 042A 6460 8B49 AF85 6C86 31F6 --verifyHmacIntegrity PFX/PKCS12 integrity verification failed. --loadAndParseDerInner --pkcs12_loadAndParseDer --importPfxData Failed. --LoadPfxFile --ChilkatLog

Regards