As Patrick wrote, you can load a certificate into an X509 structure, but after that you need to validate it with other facilities such as the functions implemented in the X509_STORE set. You can find some simple code below to load both PEM and DER certificates into an X509 structure.

Patrick Patterson wrote:
> On November 23, 2008 10:57:55 pm ThanhTrung Do wrote:
> > From: Itay Dagan <[EMAIL PROTECTED]>
> > Subject: verify certificate - not from a file
> > To: openssl-dev@openssl.org
> > Date: Monday, November 24, 2008, 12:37 AM
> >
> > Hi Guys
> >
> > I am new in openssl - so hopefully I am not bringing up an old issue:
> >
> > I am trying to verify a certificate that I am saving as a string in a random place in my PC memory.
> > I know that there is "SSL_CTX_load_verify_locations()", which verifies a certificate from a file or a path.
> >
> > My Q is: Does openssl support taking a certificate not from a file or path but from a place in memory?
> > Meaning - a function that gets a char*, reads the certificate from that location and verifies it.
> >
> > Appreciate your help :)
> >
> > I have the same need too, highly appreciate your help.
>
> Something like the following should work if the certificate is in PEM format. (Note: this is an example only - the below code is probably full of errors, because I just zen'd it from memory.) I'm sure that Steve or one of the other gurus will correct any problems :)
>
>     const char *certbuf = "PEM-ENCODED-CERTIFICATE";
>     BIO *bufbio = BIO_new(BIO_s_mem());
>     int len = BIO_puts(bufbio, certbuf);
>     X509 *cert = X509_new();
>     PEM_read_bio_X509(bufbio, &cert, NULL, NULL);
>
> If the cert is already in DER format, just use the d2i_X509() function to read it into the OpenSSL internal representation.
>
> Have fun.
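
    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    /* Load a certificate from a memory buffer, trying PEM first and
     * then DER. Returns 0 on success, non-zero on failure. */
    int loadFromMemory(char *buf, int bufLen)
    {
        BIO *bp = NULL;
        X509 *cert = NULL;

    /* Free whatever is still allocated, then return x. */
    #define retFree(x) do { \
            if(bp) \
                BIO_free(bp); \
            if(cert) \
                X509_free(cert); \
            return x; \
        } while(0)

        if(!buf || bufLen < 1)
            return 1;

        bp = BIO_new(BIO_s_mem());
        if(!bp)
            return 2;

        /* BIO_write returns <= 0 on error */
        if(BIO_write(bp, buf, bufLen) <= 0)
            retFree(4);

        /* PEM_read_bio_X509 allocates the X509 itself when passed NULL */
        cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);
        if(!cert) {
            /* Not PEM: refill a fresh BIO and try DER */
            BIO_free(bp);
            bp = BIO_new(BIO_s_mem());
            if(!bp)
                retFree(5);
            if(BIO_write(bp, buf, bufLen) <= 0)
                retFree(6);
            cert = d2i_X509_bio(bp, NULL);
        }

        if(!cert)
            retFree(7);

        /* cert is loaded here; validate or use it before it is freed */
        retFree(0);
    }

Regards,
Shahin Khorasani

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]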