Hi Shahin,

Thanks again for your advice.
I still have some problems getting it to work with curl when writing:

    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
    curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &Connector::loadFromMemory); // supposed to load the certificate
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
    ret = curl_easy_perform(curl);
    ...

It behaves like no certificate has been uploaded to the database (looking for certificate path).
Is there another way to verify the certificate?

Thanks :)
Itay

As Patrick wrote, you can load a certificate into an X509 structure, but after that you need to validate it with other facilities such as the functions implemented in the X509_STORE set. You can find simple code below to load both PEM and DER certificates into an X509 structure.

    #include <openssl/bio.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>

    int loadFromMemory(char *buf, int bufLen)
    {
        BIO *bp = NULL;
        X509 *cert = NULL;

    /* Free whatever has been allocated so far and return x. */
    #define retFree(x) do { \
            if(bp) \
                BIO_free(bp); \
            if(cert) \
                X509_free(cert); \
            return x; \
        } while(0)

        if(!buf || bufLen < 1)
            return 1;

        bp = BIO_new(BIO_s_mem());
        if(!bp)
            return 2;

        /* BIO_write returns the number of bytes written, or <= 0 on failure. */
        if(BIO_write(bp, buf, bufLen) != bufLen)
            retFree(4);

        /* Try PEM first. */
        cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);

        if(!cert) {
            /* Not PEM: refill a fresh BIO and try DER. */
            BIO_free(bp);
            bp = BIO_new(BIO_s_mem());
            if(!bp)
                retFree(5);
            if(BIO_write(bp, buf, bufLen) != bufLen)
                retFree(6);
            cert = d2i_X509_bio(bp, NULL);
        }

        if(!cert)
            retFree(7);

        /* cert now holds the parsed certificate; validate it here before it is freed. */
        retFree(0);
    }

Regards,
Shahin Khorasani

Patrick Patterson wrote:
> On November 23, 2008 10:57:55 pm ThanhTrung Do wrote:
>
> Something like the following should work if the certificate is in PEM format.
> (note: this is example only - the below code is probably full of errors,
> because I just zen'd it from memory). I'm sure that Steve or one of the other
> gurus will correct any problems :)
>
>     char certbuf[] = "PEM-ENCODED-CERTIFICATE";
>
>     BIO *bufbio = BIO_new(BIO_s_mem());
>     int len = BIO_puts(bufbio, certbuf);
>
>     X509 *cert = X509_new();
>     PEM_read_bio_X509(bufbio, &cert, NULL, NULL);
>
> If the cert is already in DER format, just use the d2i_X509() function to
> read it into the OpenSSL internal representation.
>
> Have fun.
>>> From: Itay Dagan <[EMAIL PROTECTED]>
>>> Subject: verify certificate - not from a file
>>> To: openssl-dev@openssl.org
>>> Date: Monday, November 24, 2008, 12:37 AM
>>> Hi Guys
>>>
>>> I am new in openssl - so hopefully I am not bringing up an
>>> old issue:
>>>
>>> I am trying to verify a certificate that I am saving as
>>> string in a random place on my PC memory.
>>>
>>> I know that there is the
>>> "SSL_CTX_load_verify_locations()" that verify
>>> certificate from a file or a path.
>>>
>>> My Q is:
>>> Does openssl support taking certificate not from a file or
>>> path but from a place in the memory?
>>> meaning - A function that gets a char* - reads the
>>> certificate from that location and verifying it.
>>>
>>>
>>> appreciate your help :)
>>>
>> I have the same need too, highly appreciate your help.
>>
>> ______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org