Re: [openssl-users] Loading CA from memory
Thanks Viktor

As usual, your answer throws light. Now, it is time to get started.
Will revert if got obstructed on the way

On Wed, Feb 21, 2018 at 9:58 AM, Viktor Dukhovni wrote:

> > On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei wrote:
> >
> > By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl?
>
> The basic functionality is already there:
>
> If you want to parse in-memory PEM, see the use of
> PEM_X509_INFO_read_bio() [needs documentation] at:
>
> https://github.com/openssl/openssl/blob/master/apps/crl2p7.c#L179
>
> If you have a PKCS7 DER or PEM structure, there are suitable functions for
> pulling out a chain from that. Then you can set a "trusted stack" for your
> X509_STORE_CTX.
>
> --
> Viktor.

--
Warm Regards
--Dev
OpenPegasus Developer

"I'm one of those people that think Thomas Edison and the light bulb changed the world more than Karl Marx ever did," Steve Jobs

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Loading CA from memory
> On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei wrote:
>
> By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl?

The basic functionality is already there:

If you want to parse in-memory PEM, see the use of
PEM_X509_INFO_read_bio() [needs documentation] at:

https://github.com/openssl/openssl/blob/master/apps/crl2p7.c#L179

If you have a PKCS7 DER or PEM structure, there are suitable functions for
pulling out a chain from that. Then you can set a "trusted stack" for your
X509_STORE_CTX.

--
Viktor.
Re: [openssl-users] Loading CA from memory
Thanks Jakob for the hint

Let me try out the suggested approach.

By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl?

On Tue, Feb 20, 2018 at 9:23 PM, Jakob Bohm wrote:

> On 20/02/2018 16:38, Devchandra L Meetei wrote:
>
>> I have been looking for API like `SSL_CTX_load_verify_mem` which will load
>> CA[s] from mem buffer.
>>
>> Looks like OpenSSL does not have it yet, Is there any other way to work
>> around this?
>
> I think it can be done step by step, at least in 1.0.x:
>
> First allocate an empty STACK_OF X509 certificates
>
> Then loop over your in-memory CA certificates, passing each to d2i_X509,
> then adding the resulting X509 object to the stack.
>
> Finally pass that stack as the CA collection to an appropriate SSL_CTX
> function.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded

--
Warm Regards
--Dev
OpenPegasus Developer

"I'm one of those people that think Thomas Edison and the light bulb changed the world more than Karl Marx ever did," Steve Jobs
Re: [openssl-users] Loading CA from memory
On 20/02/2018 16:38, Devchandra L Meetei wrote:

> I have been looking for API like `SSL_CTX_load_verify_mem` which will load
> CA[s] from mem buffer.
>
> Looks like OpenSSL does not have it yet, Is there any other way to work
> around this?

I think it can be done step by step, at least in 1.0.x:

First allocate an empty STACK_OF X509 certificates

Then loop over your in-memory CA certificates, passing each to d2i_X509,
then adding the resulting X509 object to the stack.

Finally pass that stack as the CA collection to an appropriate SSL_CTX
function.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
[openssl-users] Loading CA from memory
I have been looking for API like `SSL_CTX_load_verify_mem` which will load
CA[s] from mem buffer.

Looks like OpenSSL does not have it yet, Is there any other way to work
around this?

--
Warm Regards
--Dev
OpenPegasus Developer

"I'm one of those people that think Thomas Edison and the light bulb changed the world more than Karl Marx ever did," Steve Jobs