Thanks Dave,

I tried with the 2nd option. But people here didn't agree so finally went
ahead with the 3rd option.

Thanks for the solution.
Sri


On Fri, Jan 11, 2013 at 3:25 AM, Dave Thompson <dthomp...@prinpay.com> wrote:

> >From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
> >Sent: Tuesday, 08 January, 2013 08:34
>
> >X509_STORE_add_cert() would add a certificate to the list of trusted
> >certificates in the ctx. What is the way to remove a certificate from
> >this trusted store? Am not finding any function to remove the certificate.
> >Can anyone of you suggest a way to remove the certificate from this trusted
> >store? Or is there a way to make an already loaded certificate an untrusted
> >one?
>
> I presume you mean an SSL_CTX and certs trusted for SSL authentication.
> (OpenSSL can use, and trust, certs for other purposes.)
>
> 1. An X509 object representing a cert in OpenSSL has an associated "aux"
> field of OpenSSL-added data including (optionally?) some trust settings.
> There are too many twisty passages for me to track down exactly what values
> can be in here, and what if any does what you want.
>
> 2. The data in an X509_STORE is just a STACK_OF(X509_OBJECT). I don't see
> any official API, but you could just grab x->objs and sk_*_delete from it.
> You probably need to do downref/free to avoid a leak, and to do locking
> if your program(s) will or might use this while multithreading.
>
> 3. If you want an official if clumsy way, create a new X509_STORE,
> initialize and fill it with everything from the existing one
> except the cert(s) you want to omit, and then use it.
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
