On Fri, Feb 03, 2012, Dan Schmitt wrote:
> I have a situation where I'd like my client to validate
> against my server, but I don't expect the default CA
> .pem files for openSSL to be there.
>
> Is there a way to take
>
> SSL_CTX *mySSL_CTX = existing_ssl_ctx;
>
> char *foo = "valid pem string";
> BIO *bio = BIO_new_mem_buf(foo, -1);
> X509 *cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
>
> and stick it into the SSL_CTX the way all the sample
> code does with things like
>
> X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
>
> only with the BIO?
>
> Or is there a hint at where I should look for a better guess about
> mapping an X509* somewhere into the CA list for an SSL_CTX*?
>
You can get the X509_STORE structure used by an SSL_CTX with
SSL_CTX_get_cert_store(). Once you have that you can call
X509_STORE_add_cert() and pass in the X509 structure.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org