On Fri, Feb 03, 2012, Dan Schmitt wrote:

> I have a situation where I'd like my client to validate
> against my server, but I don't expect the default CA
> .pem files for OpenSSL to be there.
>
> Is there a way to take
>
> SSL_CTX *mySSL_CTX = existing_ssl_ctx;
>
> char *foo = "....valid pem string....";
> BIO *bio = BIO_new_mem_buf(foo, -1);
> X509 *cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
>
> and stick it into the SSL_CTX the way all the sample
> code does with things like
>
> X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
>
> only with the BIO?
>
> Or is there a hint at where I should look for a better guess about
> mapping an X509* somewhere into the CA list for an SSL_CTX*
>
You can get the X509_STORE structure used by an SSL_CTX with
SSL_CTX_get_cert_store(). Once you have that you can call
X509_STORE_add_cert() and pass in the X509 structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
