On Fri, Jul 27, 2001 at 10:44:08AM +0000, Edward Woodstarf wrote:
> I need to retrieve CA certificates from an existing certificate store and 
> make them available to my client application for verifying server 
> certificates.
> I can't write these certs back to the hard drive for performance reasons and 
> issues with multithreading.
> I need to convert the certificates first and then add them into the store. 
> Is it possible for me to add the certificates myself using a different bunch 
> of functions? I'm currently looking at the SSL_CTX_use_certificate functions; 
> am I in the right place?

The CA certificates specified by CAfile are loaded into the X509_STORE
object and will be automatically retrieved from there during the verification
procedure.
After converting the certificates into the internal X509 representation,
you can load them using the (yet undocumented)
  int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
function.
The X509_STORE is related to the SSL_CTX object. You can retrieve the
pointer to it by using
  X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);

You therefore can do:
 SSL_CTX *ctx;
 X509_STORE *cert_store;
 X509 *cert1, *cert2, ...;

 ctx=SSL_CTX_new(...);
 /* the store belongs to ctx; do not free it separately */
 cert_store=SSL_CTX_get_cert_store(ctx);
 X509_STORE_add_cert(cert_store, cert1);
 ...
For more details about the functions you have to look into
    openssl/crypto/x509/...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
