Hi Itay,

I'm just a user/fan of the curl project, but I did not read the API documentation or source code.
Anyway you can get free ssl certificates from this site: http://www.parssign.com/e-index.html and try them.

Regards,
Shahin Khorasani

Itay Dagan wrote:
Hi Shahin 
Thanks again for your advice

I still have some problems getting it to work with curl

When writing:

    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
    curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, &Connector::loadFromMemory);  // supposed to load the certificate
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

    ret = curl_easy_perform(curl);

..."

It behaves like no certificate has been uploaded to the database (looking for certificate path)

Is there another way to verify the certificate?

thanks :)

Itay


As Patrick wrote, you can load a certificate into an X509 structure, but after that you need to validate it with other facilities, such as the functions implemented in the X509_STORE set. Below is some simple code that loads either a PEM or a DER certificate into an X509 structure.

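#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509.h>

/* Parse a certificate held in memory, trying PEM first and then DER.
 * Returns 0 on success, non-zero on failure. This only checks that the
 * buffer parses; validating the certificate is a separate step. */
int    loadFromMemory(char *buf, int bufLen)
{
    BIO *bp = NULL;
    X509 *cert = NULL;

    /* Free whatever is still allocated, then return x. */
    #define retFree(x) do { \
        if(bp) \
            BIO_free(bp); \
        if(cert) \
            X509_free(cert); \
        return x; \
    } while(0)

    if(!buf || bufLen < 1)
        return 1;

    bp = BIO_new(BIO_s_mem());
    if(!bp)
        return 2;

    /* BIO_write returns <= 0 on failure */
    if(BIO_write(bp, buf, bufLen) <= 0)
        retFree(4);

    /* Passing NULL makes PEM_read_bio_X509 allocate the X509 itself */
    cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);
    if(!cert) {
        /* Not PEM: refill a fresh BIO and try DER */
        BIO_free(bp);
        bp = BIO_new(BIO_s_mem());
        if(!bp)
            retFree(5);

        if(BIO_write(bp, buf, bufLen) <= 0)
            retFree(6);

        cert = d2i_X509_bio(bp, NULL);
    }

    if(!cert)
        retFree(7);

    /* Parsed successfully: release the BIO and the certificate */
    retFree(0);
}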


Regards,
Shahin Khorasani

Patrick Patterson wrote:
  
On November 23, 2008 10:57:55 pm ThanhTrung Do wrote:
  
    

  
Something like the following should work if the certificate is in PEM format.
(note: this is an example only - the below code is probably full of errors, 
because I just zen'd it from memory). I'm sure that Steve or one of the other 
gurus will correct any problems :)

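    /* certbuf points at the PEM text, so it must be a pointer, not a char */
    const char *certbuf = "PEM-ENCODED-CERTIFICATE";

    BIO *bufbio = BIO_new(BIO_s_mem());
    int len = BIO_puts(bufbio, certbuf);

    /* Passing NULL lets PEM_read_bio_X509 allocate the X509; NULL means failure */
    X509 *cert = PEM_read_bio_X509(bufbio, NULL, NULL, NULL);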

If the Cert is already in DER format, just use the d2i_X509() function to read 
it into the OpenSSL internal representation.

Have fun.
    

  
From: Itay Dagan <[EMAIL PROTECTED]>
Subject: verify certificate - not from a file
To: openssl-dev@openssl.org
Date: Monday, November 24, 2008, 12:37 AM
Hi Guys

I am new in openssl - so hopefully I am not bringing up an
old issue :

I am trying to verify a certificate that I am saving as
string in a random place on my PC memory.

I know that there is the
"SSL_CTX_load_verify_locations()" that verifies
certificate from a file or a path.

My Q is :
Does openssl support taking a certificate not from a file or
path but from a place in the memory?
Meaning - a function that gets a char*, reads the
certificate from that location and verifies it.


appreciate your help :)
      
        
I have the same need too, highly appreciate your help.

    
      
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
  
