How do I use m2crypto to validate a X509 certificate chain in a non-SSL setting

Question

I\'m trying to figure out how to, using m2crypto, validate the chain of trust from a public key version of a X509 certificate back to one of a set of known root CA\'s when t

Answer 1

There is a patch that might need to be updated slightly, and it would need unit tests for me to check it in. Contributions welcome!

Another convoluted way would be to create an in-memory SSL session where you do the validation. The Twisted wrapper effectively works this way; Twisted acts as dumb network pipe without knowing anything about the data, and M2Crypto encrypts/decrypts the data in memory, doing certificate validation on the side.