forget one thing, after you have the private key (of type EVP_PKEY) and certificate (of type X509), you use:

SSL_CTX_use_certificate(ctx, cert) and SSL_CTX_use_PrivateKey(ctx, pkey) to read them into your ssl context.

-----Original Message-----
From: Chong Peng
Sent: Thursday, February 09, 2006 5:25 PM
To: openssl-users@openssl.org
Subject: RE: Hard-coded keys and cert in the image

grace:

i believe what you are trying to do is what i did a few days ago. here is how you do it:

1. obtain the private key and certificate in "pem" format, e.g., by using the following openssl command:

$ openssl genrsa -out key.pem 1024
$ openssl req -new -key key.pem -out request.pem
$ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem
$ openssl x509 -inform der -in certificate.crt -out certificate.pem

this will give you a self signed private key and certificate (in pem format).

2. open the pem files (e.g., key.pem and certificate.pem) in a text editor, copy and paste the key and certificate to a c array.

3. your c code is going to look like the following:

#include <openssl/buffer.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/x509.h>

EVP_PKEY *pkey = NULL;
X509 *cert = NULL;

/* PEM text copied from key.pem; every line must end in "\n" inside the literal */
const char skey[] =
"-----BEGIN RSA PRIVATE KEY-----\n"
"MIICXAIBAAKBgQC0SF/4JTo3XzffsPeNPbglZ6sz/f/mlUO/CUtB8hk0DTz3V/9r\n"
"iWagrVHjqaF/xikWFsxbzKecRyDDNyhgMWV8eeAVGpJSvmyJZH43MWO1zCiBXsi2\n"
"MSHqQAJOfT803qTc3tPCb5k4UK5ytvwpQ8ZIyokrnQJS0FYKsonf3ASjKwIDAQAB\n"
"AoGAMR3Sv6lsze8sKs5s81cQV2iCFT0rPegGuAJRNZs+0JaWuJCJ7wNVKYtu1wa9\n"
"EDGtue3mKVB9ja83NthNML/kdOszLc1G6NVnWYSzgBPPsyPAJkSZw8TQKODmw+LF\n"
"sqGFjC73s49/lWO12Tv8qA0Zf4sXRY9dMiqX5kA5m8OWXfECQQDYkv2B1xfNK41v\n"
"PPeggVapasX53ZIiOdjc5UuaOWU7GDLhlyyFUCkDdx4eviBAEclWfNSueJNcK1Me\n"
"pulScGFTAkEA1RoXxsYgFVbZsK1i9hjxEqoWzP7dQBJTWqi/77BaPQvqX12ctVk0\n"
"pa0sR4XEKxGOBr11XJVlloTjpmm1hwLDyQJBAM25o1IpLhTZIDrgoSE4e0fngzQ9\n"
"A0m7xYLf1RclGkIuVHbykXn5kVwXVOdDF4OE4cpkPeuV4fUVuplNWCnVUr0CQBWR\n"
"a4ChwtOGE8hO9ComQhf6gQ5EaU43zJnrZGm09p0hHJqEVf0Ax1RRX57pif4166MA\n"
"/+Tb9gky7/uCzW2ZuQkCQFUoAhZnV9sQoifQpkCE10J3fZNyNLEvHKU3b4/rwvn7\n"
"5W618+Fr0DiwBkH07YSWRCVvi8rsYrK2/25DXSbXbD8=\n"
"-----END RSA PRIVATE KEY-----\n";

/* PEM text copied from certificate.pem */
const char scert[] =
"-----BEGIN CERTIFICATE-----\n"
"MIICeTCCAeICCQDVIB2PKnpDmjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMC\n"
"VVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTQU5KT1NFMQ8wDQYDVQQKEwZNQVhY\n"
"QU4xDDAKBgNVBAsTA0VORzEOMAwGA1UEAxMFY2hvbmcxIzAhBgkqhkiG9w0BCQEW\n"
"FGNob25ncGVuZ0BtYXh4YW4uY29tMB4XDTA1MTIyMTA0MDcxNloXDTA2MDEyMDA0\n"
"MDcxNlowgYAxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHU0FO\n"
"Sk9TRTEPMA0GA1UEChMGTUFYWEFOMQwwCgYDVQQLEwNFTkcxDjAMBgNVBAMTBWNo\n"
"b25nMSMwIQYJKoZIhvcNAQkBFhRjaG9uZ3BlbmdAbWF4eGFuLmNvbTCBnzANBgkq\n"
"hkiG9w0BAQEFAAOBjQAwgYkCgYEAtEhf+CU6N18337D3jT24JWerM/3/5pVDvwlL\n"
"QfIZNA0891f/a4lmoK1R46mhf8YpFhbMW8ynnEcgwzcoYDFlfHngFRqSUr5siWR+\n"
"NzFjtcwogV7ItjEh6kACTn0/NN6k3N7Twm+ZOFCucrb8KUPGSMqJK50CUtBWCrKJ\n"
"39wEoysCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX0jTsC73wXYHDhenL2piboCMQ\n"
"qF96W/YLShYJla3ipc8JG0GHStTjUY4w7KGjDJippRUhddv0CUAilD7EPYusr1oY\n"
"sk+Tt7QKCSLnued6NZwGnjIV78BmMi5gp5UEotgmPMk6Q6WKl0rVMbiJWqgy9f7b\n"
"Hk3SUgTCdn/T+ajIFQ==\n"
"-----END CERTIFICATE-----\n";

/* parse the embedded private key into the global pkey; 0 on success, -1 on error */
int serverKey(void)
{
    BIO *bio;

    /* read-only memory BIO over the array */
    if( (bio=BIO_new_mem_buf((void *)skey, sizeof(skey))) == NULL)
    {
        return(-1);
    }

    if( (pkey=PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)) == NULL)
    {
        BIO_free(bio);
        return(-1);
    }

    BIO_free(bio);
    return(0);
}

/* parse the embedded certificate into the global cert; 0 on success, -1 on error */
int serverCert(void)
{
    BIO *bio;

    if( (bio=BIO_new_mem_buf((void *)scert, sizeof(scert))) == NULL)
    {
        return(-1);
    }

    if( (cert=PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL)
    {
        BIO_free(bio);
        return(-1);
    }

    BIO_free(bio);
    return(0);
}

this piece of code worked in the embedded system i am working on, hope this helps.

chong peng

-----Original Message-----
From: Xie Grace Jingru-LJX001 [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 09, 2006 9:47 AM
To: openssl-users@openssl.org
Subject: Hard-coded keys and cert in the image

Hello,

If the privkey and cacert have to be hard-coded in the image (by using #define), how can I tell SSL to look into these constants for the key and cert instead of the default directory?
Which SSL routine do I need to change to let SSL know the new location of the key and certificate?

All suggestions are appreciated...!

Grace
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
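
Added example, not part of the original messages: a POSIX shell function that does step 2 of the procedure above mechanically, turning one PEM file into a C string literal with every line terminated by \n, which the PEM_read_bio_* parsers rely on to find the BEGIN and END lines. The function name pem_to_c and the sample data are constructed for illustration.

```shell
#!/bin/sh
# pem_to_c NAME FILE
# Print the single PEM object in FILE as a C string literal called NAME.
# Every PEM line becomes its own "...\n" piece, keeping the line structure
# that PEM_read_bio_PrivateKey() / PEM_read_bio_X509() parse.
pem_to_c() {
    awk -v name="$1" '
    function bad(msg) {
        print "pem_to_c: " msg > "/dev/stderr"
        failed = 1
        exit 1
    }
    { sub(/\r$/, "") }            # tolerate files saved with DOS line endings
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
        if (state != 0) bad("unexpected BEGIN at line " NR)
        label = substr($0, 12, length($0) - 16)
        out = "const char " name "[] =\n    \"" $0 "\\n\"\n"
        state = 1
        next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
        if (state != 1 || substr($0, 10, length($0) - 14) != label)
            bad("END line does not match BEGIN at line " NR)
        out = out "    \"" $0 "\\n\";"
        state = 2
        next
    }
    state == 1 {
        # Body must be plain base64; an encrypted key with Proc-Type/DEK-Info
        # headers is rejected here.
        if ($0 !~ "^[A-Za-z0-9+/]+=?=?$") bad("non-base64 line " NR)
        out = out "    \"" $0 "\\n\"\n"
        next
    }
    $0 != "" { bad("text outside the PEM block at line " NR) }
    END {
        if (failed) exit 1
        if (state != 2) { print "pem_to_c: no complete PEM object" > "/dev/stderr"; exit 1 }
        print out
    }' "$2"
}

# Constructed sample (not a real certificate), saved with DOS line endings:
sample=$(mktemp)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'QUJDRA==' '-----END CERTIFICATE-----' > "$sample"
pem_to_c scert "$sample"
rm -f "$sample"
```

A PEM file that has been flattened onto one line is rejected rather than converted, since the resulting array would not parse.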