Guys:
Usually, we use the following two APIs to load a key/certificate:
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
This, if I understand right, requires a private key and certificate to be generated offline and saved in a disk file. If I have an embedded system that cannot read from a disk or any other media, how can I input the key/certificate to the SSL context?
I noticed that there are other APIs defined to input a key/certificate to the SSL context, such as:
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
Does this mean that I can generate a certificate of type X509 and a private key of type EVP_PKEY in my code and then load them to the SSL context? If it is, how can I do that? What I am thinking is that each time my embedded system boots up, I will generate a key/certificate (self-signed) and load them to my SSL context. Is this doable?
Thanks in advance.
Chong Peng
