Hello,
I'm newbie but now I can hardcode root certificate.Thank You!
Still one question :
X509 *x;
..
X509_free(x); //do I must call this ?
Also any example how to read certificate to/and from memory buffer would be
nice. ;-)
Boguslaw Brandys
- Original Message -
From: Dilkie, Lee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 26, 2002 6:20 PM
Subject: RE: Hard-coded trusted CA-cert
Dennis,
This is what I did. I think I just looked into the
SSL_CTX_load_verify_locations() function and copied what it did.
{
X509 *x=NULL;
unsigned char* c;
c = CACert;
x = d2i_X509( NULL, c, (long) sizeof( CACert ) );
if( x == NULL ){
PostErrStack( MiSslInit(): d2i_X509(CACert) failed );
goto ERROR_CLEANUP;
}
if( !SSL_CTX_add_extra_chain_cert( sslctx, x ) ){
PostErrStack( MiSslInit(): SSL_CTX_add_extra_chain_cert() failed );
goto ERROR_CLEANUP;
}
}
hope this helps.
-lee
-Original Message-
From: Dennis Jarosch [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 5:47 AM
To: [EMAIL PROTECTED]
Subject: Hard-coded trusted CA-cert
Hi everybody!
I'm searching for a way of hard-coding a trusted CA certificate into a
client executable. I have browsed the archives and the documentation,
but I was unable to find anything useful yet.
Currently, I use SSL_CTX_load_verify_locations() to load my trusted
CA-file. In my case there will only be one trusted CA and I'd prefer not
to load it from a file.
So is there a way of declaring something like this:
unsigned char CACert[]={0x30,0x82,0x02,0x6B,...}
which could be generated using 'openssl x509 -C -noout -in cacert.pem'
and feeding it to the CTX for verification?
Thanks for any help!
Dennis
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Okresl Swoje potrzeby - my znajdziemy oferte za Ciebie!
[ http://oferty.onet.pl ]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]