Re: Hard-coded trusted CA-cert

Boguslaw Brandys Sat, 09 Mar 2002 10:09:16 -0800

Hello,

I'm newbie but now I can hardcode root certificate.Thank You!
Still one question :



X509 *x;
......
  X509_free(x);  //do I must call this ?


Also any example how to read certificate to/and from memory buffer would be
nice..... ;-)

Boguslaw Brandys


----- Original Message -----
From: "Dilkie, Lee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 6:20 PM
Subject: RE: Hard-coded trusted CA-cert


> Dennis,
>
> This is what I did. I think I just looked into the
SSL_CTX_load_verify_locations() function and copied what it did.
>
>
> {
>
> X509 *x=NULL;
> unsigned char* c;
>
> c = CACert;
> x = d2i_X509( NULL, &c, (long) sizeof( CACert ) );
> if( x == NULL ){
> PostErrStack( "MiSslInit(): d2i_X509(CACert) failed" );
> goto ERROR_CLEANUP;
> }
> if( !SSL_CTX_add_extra_chain_cert( sslctx, x ) ){
> PostErrStack( "MiSslInit(): SSL_CTX_add_extra_chain_cert() failed" );
> goto ERROR_CLEANUP;
> }
> }
>
> hope this helps.
>
> -lee
>
> -----Original Message-----
> From: Dennis Jarosch [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 26, 2002 5:47 AM
> To: [EMAIL PROTECTED]
> Subject: Hard-coded trusted CA-cert
>
>
> Hi everybody!
>
> I'm searching for a way of hard-coding a trusted CA certificate into a
> client executable. I have browsed the archives and the documentation,
> but I was unable to find anything useful yet.
>
> Currently, I use SSL_CTX_load_verify_locations() to load my trusted
> CA-file. In my case there will only be one trusted CA and I'd prefer not
> to load it from a file.
>
> So is there a way of declaring something like this:
>
> unsigned char CACert[]={0x30,0x82,0x02,0x6B,...}
>
> which could be generated using 'openssl x509 -C -noout -in cacert.pem'
> and feeding it to the CTX for verification?
>
> Thanks for any help!
>
> Dennis
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]



-- 

Okresl Swoje potrzeby - my znajdziemy oferte za Ciebie!
[ http://oferty.onet.pl ]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Re: Hard-coded trusted CA-cert

Reply via email to