Re: verify certificate - not from a file

Mon, 24 Nov 2008 08:26:10 -0800 

Hi Patrick

Thanks alot for the advise - I will try it :)

Itay

----- Original Message -----
From: "Patrick Patterson" <[EMAIL PROTECTED]>
To: openssl-dev@openssl.org
Sent: Monday, November 24, 2008 5:36:31 PM (GMT+0200) Auto-Detected
Subject: Re: verify certificate - not from a file

On November 23, 2008 10:57:55 pm ThanhTrung Do wrote:
> > From: Itay Dagan <[EMAIL PROTECTED]>
> > Subject: verify certificate - not from a file
> > To: openssl-dev@openssl.org
> > Date: Monday, November 24, 2008, 12:37 AM
> > Hi Guys
> >
> > I am new in openssl - so hopfully I am not bringing up an
> > old issue :
> >
> > I am trying to verify a certificate that I am saving as
> > string in a random place on my PC memory.
> >
> > I know that there is the
> > "SSL_CTX_load_verify_locations()" that verify
> > certificate from a file or a path.
> >
> > My Q is :
> > Does openssl supports taking certificate not from a file or
> > path but from a place in the memory ?
> > meaning - A function that gets a char* - reads the
> > certificate from that location and verifying it.
> >
> >
> > appreciate your help :)
>
> I have the same need too, highly appreciate your helps.
>
Something like the following should work if the certificate is in PEM format.
(note: this is example only - the below code is probably full of errors, 
because I just zen'd it from memory). I'm sure that Steve or one of the other 
guru's will correct any problems :)

    char certbuf = "PEM-ENCODED-CERTIFICATE";

    BIO *bufbio = BIO_new(BIO_s_mem());
    int len = BIO_puts(bufbio , certbuf);

    X509 *cert = X509_new();
    PEM_read_bio_X509(bufbio, &cert, NULL, NULL);

If the Cert is already in DER format, just use the d2i_X509() function to read 
it into the OpenSSL internal representation.

Have fun.


-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to