From: Brian Wotring <[EMAIL PROTECTED]>

brian> >int SSL_CTX_load_verify_locations(SSL_CTX *ctx, 
brian> >    const char *CAfile,
brian> >    const char *CApath);
brian> >
brian> >CAfile == the name of the file containing your CA cert.
brian> >CApath == the name of the directory containing your CA setup.
brian> >
brian> >You can pass NULL in for CApath.
brian> >
brian> >When you say your CA cert is "loaded in memory", presumably it
brian> >was loaded from a file?
brian> 
brian> Does it have to be?  Can a cert be hard coded into an application?

Yes, but it can't be loaded through SSL_CTX_load_verify_locations().
That function is currently based on files and directories.  You can
either load the cert directly into the store:

        SSL_CTX *ctx;
        X509 *x; /* This is an X509 blob you have to fill in some way */

        /* SSL_CTX is opaque since OpenSSL 1.1.0, so go through the accessor */
        X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), x);

or if you want to be fancy, you can create your own X509_LOOKUP and
use it as an interface to your certificate source.  I haven't done
anything like that myself, so I suggest you take a look at
crypto/x509/by_*.c to figure it out (which I might have to do as well
:-)).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
           Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
