Thanks Dave,
I tried with the 2nd option. But people here didn't agree so finally went
ahead with the 3rd option.
Thanks for soln.
Sri
On Fri, Jan 11, 2013 at 3:25 AM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
Sent: Tuesday, 08 January, 2013 08:34
X509_STORE_add_cert() would add a certificate to the list of trusted
certificates in the ctx. What is the way to remove a certificate from
this trusted store? I am not finding any function to remove the certificate.
Can any one of you suggest a way to remove the certificate from this
trusted store? Or is there a way to make an already loaded certificate an
untrusted one?
I presume you mean an SSL_CTX and certs trusted for SSL authentication.
(OpenSSL can use, and trust, certs for other purposes.)
1. An X509 object representing a cert in OpenSSL has an associated aux
field of OpenSSL-added data including (optionally?) some trust settings.
There are too many twisty passages for me to track down exactly what values
can be in here, and what if any does what you want.
2. The data in an X509_STORE is just a STACK_OF(X509_OBJECT). I don't see
any official API, but you could just grab x-objs and sk_*_delete from it.
You probably need to do downref/free to avoid a leak, and to do locking
if your program(s) will or might use this while multithreading.
3. If you want an official if clumsy way, create a new X509_STORE,
initialize and fill it with everything from the existing one
except the cert(s) you want to omit, and then use it.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org