On Tue, Aug 16, 2005, James Whitwell wrote: > Hi, > > Can anyone tell me if it's possible to embed a client certificate inside > my executable, and what calls I should use to tell OpenSSL to use it? I > think I'll also need to do it for the CA, since we use self-signed > certificates, and I want the client to verify the server's certificate too. >
Depends on whether you want it embedded in the executable after it has been linked or at compile time, i.e. embedded in a C source file. At compile time there is the -C command line switch in the 'x509' utility which will convert the certificte into a C character array. From there you can just use the d2i_X509() function on it. An alternative which works for other file formats as well is to use the U*ix xxd utility. E.g. xxd -i something.der If this is used for any kind of security you might consider obscuring the certificate in some way, to avoid simple replacement with a hex editor. Though a determined and knowledgeable attacker wont be so easily foiled. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
