Shahin, thank you so much for your help :)
----- Forwarded Message -----
From: "Shahin Khorasani" <[EMAIL PROTECTED]>
To: openssl-dev@openssl.org
Sent: Monday, November 24, 2008 6:13:49 PM (GMT+0200) Auto-Detected
Subject: Re: verify certificate - not from a file

Patrick Patterson wrote:
> On November 23, 2008 10:57:55 pm ThanhTrung Do wrote:
>>> From: Itay Dagan <[EMAIL PROTECTED]>
>>> Subject: verify certificate - not from a file
>>> To: openssl-dev@openssl.org
>>> Date: Monday, November 24, 2008, 12:37 AM
>>>
>>> Hi Guys
>>>
>>> I am new in openssl - so hopefully I am not bringing up an old issue:
>>>
>>> I am trying to verify a certificate that I am saving as a string in a
>>> random place in my PC memory.
>>>
>>> I know that there is the "SSL_CTX_load_verify_locations()" that
>>> verifies a certificate from a file or a path.
>>>
>>> My Q is: Does openssl support taking a certificate not from a file or
>>> path but from a place in the memory?
>>>
>>> meaning - A function that gets a char* - reads the certificate from
>>> that location and verifies it.
>>>
>>> appreciate your help :)
>>
>> I have the same need too, highly appreciate your help.
>
> Something like the following should work if the certificate is in PEM
> format. (note: this is example only - the below code is probably full of
> errors, because I just zen'd it from memory). I'm sure that Steve or one
> of the other gurus will correct any problems :)
>
>     char certbuf[] = "PEM-ENCODED-CERTIFICATE";
>     BIO *bufbio = BIO_new(BIO_s_mem());
>     int len = BIO_puts(bufbio, certbuf);   /* copy the PEM text into the memory BIO */
>     X509 *cert = X509_new();
>     PEM_read_bio_X509(bufbio, &cert, NULL, NULL);   /* parse it into cert */
>
> If the Cert is already in DER format, just use the d2i_X509() function
> to read it into the OpenSSL internal representation.
>
> Have fun.

As Patrick wrote, you can load a certificate into an X509 structure, but
after that you need to validate it with other facilities such as the
functions implemented in the X509_STORE set.

You can find simple code below to load both PEM and DER certificates into
an X509 structure.

    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    /* Returns 0 if buf holds a parsable PEM or DER certificate, else an error code. */
    int loadFromMemory(char *buf, int bufLen)
    {
        BIO *bp = NULL;
        X509 *cert = NULL;

    /* Free whatever is still allocated, then return x. */
    #define retFree(x) do { \
            if(bp) \
                BIO_free(bp); \
            if(cert) \
                X509_free(cert); \
            return x; \
        } while(0)

        if(!buf || bufLen < 1)
            return 1;

        bp = BIO_new(BIO_s_mem());
        if(!bp)
            return 2;

        /* BIO_write returns <= 0 on error, so test the sign, not truthiness. */
        if(BIO_write(bp, buf, bufLen) <= 0)
            retFree(4);

        /* Try PEM first. */
        cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);

        if(!cert) {
            /* Not PEM: refill a fresh BIO and try DER. */
            BIO_free(bp);
            bp = BIO_new(BIO_s_mem());
            if(!bp)
                retFree(5);
            if(BIO_write(bp, (char *) buf, bufLen) <= 0)
                retFree(6);
            cert = d2i_X509_bio(bp, NULL);
        }

        if(!cert)
            retFree(7);

        /* cert is valid here; hand it to the caller or verify it before freeing. */
        retFree(0);
    }

Regards,
Shahin Khorasani

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]