Is there a cross-platform C/C++ equivalent to CertGetCertificateChain()?

I'm attempting to programmatically build and validate a certificate chain based on an in-memory X509 certificate object (received over a network connection), and a filesystem directory containing trusted root certificates.

I'm familiar with how to accomplish this on Windows using CertGetCertificateChain, but in my research, I haven't found any API that is quite as simple to use. Specifically, one that will go on the wire to fetch the signing (CA) certificate(s) using the Authority Information Access (AIA) field in the end-entity certificate.

I found this example for GnuTLS, and I found these similar answers here and here, but I understand that complexity is the enemy of secure crypto, and these seem quite complex by comparison.

Is there an API equivalent to CertGetCertificateChain that's cross-platform, as in POSIX-portable?

I'm library shopping, so I'm not tied to a specific library (OpenSSL, LibreSSL, GnuTLS, etc.), just looking for the right one for the job.
