Authenticate, please
--#--
We're going to add some code to Paul II to "verify the
cert chain" on the remote server. Primarily, we need to
tell paul2 where to find the CA cert we'll be using to
verify the remote site, and make a call to the function that
actually steps through the cert chain verifying signatures.
The lines marked /* new in paul2 */ are what's new in paul2.

    STACK_OF(X509) *chain;                              /* new in paul2 */
    ...
    ssl_ctx = SSL_CTX_new(SSLv23_client_method());
    /* new in paul2: tell the context which CA cert to trust, and make
       sure it actually loaded; an empty trust store can verify nothing */
    if (SSL_CTX_load_verify_locations(ssl_ctx, "thawte.der", NULL) != 1)
        die("Could not load CA cert");
    ssl = SSL_new(ssl_ctx);
    result = SSLsocket(ssl, hostName, port);
    if (result < 0) {
        sprintf(dieString, "Could not get secure socket on %s:%d", hostName, port);
        die(dieString);
    }
    /* new in paul2: walk the peer's chain, verifying each signature */
    chain = SSL_get_peer_cert_chain(ssl);
    result = ssl_verify_cert_chain(ssl, chain);
    if (!result)
        die("Invalid cert chain!");
A note about SSL_CTX_load_verify_locations: its third argument (the NULL
in the parameter list above) should let you specify a directory where all
your CA certs are kept. But this functionality appears to be broken in
OpenSSL 0.9.4, which is what I used in constructing these examples. As
a result, you'll need to specify the individual cert file as this code does.
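As an added example (not code from the original article or from paul2), the same three steps in Python's standard ssl module, whose load_verify_locations() is a direct binding to SSL_CTX_load_verify_locations(): it checks that the CA material really loaded, requires a verified chain, and also checks the hostname, which the C code above never does. File paths and the CA file contents are assumptions.

```python
import os
import ssl
import socket
import tempfile


def make_verifying_context(cafile=None, capath=None):
    """Client context that refuses peers whose chain does not verify.

    load_verify_locations() wraps SSL_CTX_load_verify_locations(). The
    file must be PEM, and a capath directory is only consulted when the
    certs in it are named by subject hash (the layout c_rehash produces);
    a directory of plain .pem files looks "broken" for exactly that reason.
    """
    if cafile is None and capath is None:
        raise ValueError("no CA location given; nothing could verify the peer")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED   # fail the handshake on a bad chain
    ctx.check_hostname = True             # the C snippet omits this check
    # Unlike the C snippet, the load is checked: a missing file raises
    # OSError and a file with no PEM certs raises ssl.SSLError, rather
    # than silently leaving the trust store empty.
    ctx.load_verify_locations(cafile=cafile, capath=capath)
    return ctx


def ca_count(ctx):
    """Number of CA certificates actually present in the context's store."""
    return ctx.cert_store_stats()["x509_ca"]


def try_load(cafile=None, capath=None):
    """Return (ok, reason) instead of dying, so callers can log the cause."""
    try:
        ctx = make_verifying_context(cafile, capath)
    except (OSError, ValueError) as exc:      # ssl.SSLError is an OSError
        return False, "%s: %s" % (type(exc).__name__, exc)
    return True, "%d CA cert(s) loaded" % ca_count(ctx)


def try_load_text(text):
    """Write constructed CA-file contents to a temp file and try to load it."""
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write(text)
    try:
        return try_load(cafile=fh.name)
    finally:
        os.unlink(fh.name)


def connect_verified(ctx, host, port=443, timeout=5.0):
    """Handshake with host; raises ssl.SSLCertVerificationError on a bad
    chain or name mismatch, and returns the peer cert dict otherwise."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
```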