Re: Hard-coded trusted CA-cert

Thu, 03 Apr 2003 16:37:18 -0800 

hi Henson,

Thanx for the suggestion. I tried the following Code :
unsigned char CA_cert[811]={
0x30,0x82,0x03,0x27,0x30,0x82.....};

  /* load our CA cert into the certificate chain */
  c = CA_cert;
  x = d2i_X509(NULL,&c,(long) sizeof(CA_cert));
  if( x == NULL ){
        goto end;
  }
  cert_store=SSL_CTX_get_cert_store(ctx);
  X509_STORE_add_cert(cert_store,x);
  if(x != NULL)
    X509_free(x);

This code is working fine but i see a memory leak in
this part of the code. I am loosing 2048 bytes on heap
every time i exit out. I tried commenting this code
and everything is ok..

Please can you tell the what Cleanup procedure am i
missing here?

thankyou,
raj

--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> On Wed, Mar 26, 2003, rajagopalan ramanujam wrote:
> 
> > hi,
> > 
> > I have tested the SSL handshake but failing when
> > verifying server certificate
> > X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. I
> > generated the self signed CA and used the same
> CAcert
> > to verify using openssl verify and also using
> openssl
> > s_client -verify 1 -CAfile and it seems to be
> working
> > perfectly ok.
> > 
> > Since i dont have a file system on embedded
> platform i
> > cannot use SSL_CTX_load_verify_locations().
> > 
> > I have converted the CAcert file from  base64
> format
> > to C structure using openssl utility and i am
> calling
> > SSL_CTX_use_certificate(ctx,x). Still i see that
> there
> > is an error some where. I tried calling
> > SSL_CTX_add_extra_chain_cert, but did not help.
> > 
> 
> You need to retrieve the trusted certificate store
> using SSL_CTX_get_store()
> and then add the certificate to it using
> X509_STORE_add_cert().
> 
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the   OpenSSL project:
> http://www.openssl.org/
> Freelance consultant see:
> http://www.drh-consultancy.demon.co.uk/
> Email: [EMAIL PROTECTED], PGP key:
> via homepage.
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
[EMAIL PROTECTED]


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to