Oh, sorry, wrong list... In message <[EMAIL PROTECTED]>, Sly Upah writes: >Sure, tomorrow though. >My kids don't give me much time to think on computer stuff here at home. ;) > >In message <[EMAIL PROTECTED]>, Xie Grace Jingru-LJX001 writes: >>Thanks Chong Peng! It worked. >> >>The only thing I had to change was to pass in parameters in the following >>function calls. >> >>Instead of: >>PEM_read_bio_x509(bio, NULL, NULL, NULL); >>PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL) >> >>I did: >>PEM_read_bio_x509(bio, NULL, ctx->default_passwd_callback, >>ctx->default_passwd_callback_userdata); >>PEM_read_bio_PrivateKey(bio, NULL, ctx->default_passwd_callback, >>ctx->default_passwd_callback_userdata); >> >> >>Thanks, >>-Grace >>-----Original Message----- >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chong Peng >>Sent: Thursday, February 09, 2006 5:36 PM >>To: openssl-users@openssl.org >>Subject: RE: Hard-coded keys and cert in the image >> >> >>forget one thing, after you have the private key (of type EVP_PKEY) and >>certificate (of type X509, you use: >> >>SSL_CTX_use_certificate(ctx,cert) and SSL_CTX_use_PrivateKey(ctx, pkey) >> >>to read them into your ssl context. >> >>-----Original Message----- >>From: Chong Peng >>Sent: Thursday, February 09, 2006 5:25 PM >>To: openssl-users@openssl.org >>Subject: RE: Hard-coded keys and cert in the image >> >> >>grace: >> >>i believe what your are trying to do is what i did a few days ago. here is >>how you do it: >> >>1. obtain the private key and certificate in "pem" format, e.g., by using the >>following openssl command: >> >>$ openssl genrsa -out key.pem 1024 >>$ openssl req -new -key key.pem -out request.pem >>$ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out >>certificate.pem $ openssl x509 -inform der -in certificate.crt -out >>certificate. >pem >> >>this will give you a self signed private key and certificate (in pem format). >> >>2. open the pem files (e.g., key.pem and certificate.pem) in a text editor, >>copy and paste the the key and certificate to a c array. >> >>3. your c code is going to look like the following: >> >>#include "buffer.h" >>#include "pem.h" >>#include "evp.h" >>#include "bio.h" >>#include "x509.h" >> >>EVP_PKEY *pkey = NULL; >>X509 *cert = NULL; >> >>const char skey[] = >>"-----BEGIN RSA PRIVATE KEY----- >>MIICXAIBAAKBgQC0SF/4JTo3XzffsPeNPbglZ6sz/f/mlUO/CUtB8hk0DTz3V/9r >>iWagrVHjqaF/xikWFsxbzKecRyDDNyhgMWV8eeAVGpJSvmyJZH43MWO1zCiBXsi2 >>MSHqQAJOfT803qTc3tPCb5k4UK5ytvwpQ8ZIyokrnQJS0FYKsonf3ASjKwIDAQAB >>AoGAMR3Sv6lsze8sKs5s81cQV2iCFT0rPegGuAJRNZs+0JaWuJCJ7wNVKYtu1wa9 >>EDGtue3mKVB9ja83NthNML/kdOszLc1G6NVnWYSzgBPPsyPAJkSZw8TQKODmw+LF >>sqGFjC73s49/lWO12Tv8qA0Zf4sXRY9dMiqX5kA5m8OWXfECQQDYkv2B1xfNK41v >>PPeggVapasX53ZIiOdjc5UuaOWU7GDLhlyyFUCkDdx4eviBAEclWfNSueJNcK1Me >>pulScGFTAkEA1RoXxsYgFVbZsK1i9hjxEqoWzP7dQBJTWqi/77BaPQvqX12ctVk0 >>pa0sR4XEKxGOBr11XJVlloTjpmm1hwLDyQJBAM25o1IpLhTZIDrgoSE4e0fngzQ9 >>A0m7xYLf1RclGkIuVHbykXn5kVwXVOdDF4OE4cpkPeuV4fUVuplNWCnVUr0CQBWR >>a4ChwtOGE8hO9ComQhf6gQ5EaU43zJnrZGm09p0hHJqEVf0Ax1RRX57pif4166MA >>/+Tb9gky7/uCzW2ZuQkCQFUoAhZnV9sQoifQpkCE10J3fZNyNLEvHKU3b4/rwvn7 >>5W618+Fr0DiwBkH07YSWRCVvi8rsYrK2/25DXSbXbD8= >>-----END RSA PRIVATE KEY-----"; >> >>const char scert[] = >>"-----BEGIN CERTIFICATE----- >>MIICeTCCAeICCQDVIB2PKnpDmjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMC >>VVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTQU5KT1NFMQ8wDQYDVQQKEwZNQVhY >>QU4xDDAKBgNVBAsTA0VORzEOMAwGA1UEAxMFY2hvbmcxIzAhBgkqhkiG9w0BCQEW >>FGNob25ncGVuZ0BtYXh4YW4uY29tMB4XDTA1MTIyMTA0MDcxNloXDTA2MDEyMDA0 >>MDcxNlowgYAxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHU0FO >>Sk9TRTEPMA0GA1UEChMGTUFYWEFOMQwwCgYDVQQLEwNFTkcxDjAMBgNVBAMTBWNo >>b25nMSMwIQYJKoZIhvcNAQkBFhRjaG9uZ3BlbmdAbWF4eGFuLmNvbTCBnzANBgkq >>hkiG9w0BAQEFAAOBjQAwgYkCgYEAtEhf+CU6N18337D3jT24JWerM/3/5pVDvwlL >>QfIZNA0891f/a4lmoK1R46mhf8YpFhbMW8ynnEcgwzcoYDFlfHngFRqSUr5siWR+ >>NzFjtcwogV7ItjEh6kACTn0/NN6k3N7Twm+ZOFCucrb8KUPGSMqJK50CUtBWCrKJ >>39wEoysCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX0jTsC73wXYHDhenL2piboCMQ >>qF96W/YLShYJla3ipc8JG0GHStTjUY4w7KGjDJippRUhddv0CUAilD7EPYusr1oY >>sk+Tt7QKCSLnued6NZwGnjIV78BmMi5gp5UEotgmPMk6Q6WKl0rVMbiJWqgy9f7b >>Hk3SUgTCdn/T+ajIFQ== >>-----END CERTIFICATE-----"; >> >> >>int serverKey(void) >>{ >> BIO *bio; >> >> if( (bio=BIO_new_mem_buf((void *)skey, sizeof(skey))) == NULL) >> { >> return(-1); >> } >> >> if( (pkey=PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)) == NULL) >> { >> BIO_free(bio); >> return(-1); >> } >> >> BIO_free(bio); >> >> return(0); >>} >> >>int serverCert(void) >>{ >> >> BIO *bio; >> >> if( (bio=BIO_new_mem_buf((void *)scert, sizeof(scert))) == NULL) >> { >> return(-1); >> } >> >> if( (cert=PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) >> { >> BIO_free(bio); >> return(-1); >> } >> >> BIO_free(bio); >> >> return(0); >> >>} >> >>this piece of code worked in the embedded system i am working on, hope this >>helps. >> >>chong peng >> >>-----Original Message----- >>From: Xie Grace Jingru-LJX001 [mailto:[EMAIL PROTECTED] >>Sent: Thursday, February 09, 2006 9:47 AM >>To: openssl-users@openssl.org >>Subject: Hard-coded keys and cert in the image >> >> >> >>Hello, >> >>If the privkey and cacert have to be hard-coded in the image (by using >>#define), how can I tell SSL to look into these constants for the key and ce >rt instead of the default directory? Which SSL routine I need to change to let >SSL know the new location of the key and certificate? >> >>All suggestions are appreciated...! >> >>Grace >> >> >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager [EMAIL PROTECTED] >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager [EMAIL PROTECTED] >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager [EMAIL PROTECTED] >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager [EMAIL PROTECTED] >> > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager [EMAIL PROTECTED] >
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
