Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Devchandra L Meetei
Thanks Viktor.
As usual, your answer throws light. Now, it is time to get started.
Will revert if I get obstructed on the way.

On Wed, Feb 21, 2018 at 9:58 AM, Viktor Dukhovni wrote:

> > On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei wrote:
> >
> > By the way, is there any plan to port SSL_CTX_load_verify_mem to openssl?
>
> The basic functionality is already there:
>
> If you want to parse in-memory PEM, see the use of
> PEM_X509_INFO_read_bio() [needs documentation] at:
>
>    https://github.com/openssl/openssl/blob/master/apps/crl2p7.c#L179
>
> If you have a PKCS7 DER or PEM structure, there are suitable functions for
> pulling out a chain from that.  Then you can set a "trusted stack" for your
> X509_STORE_CTX.
>
> --
> Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
Warm Regards
--Dev
OpenPegasus Developer

"I'm one of those people that think Thomas Edison and the light bulb
changed the world more than Karl Marx ever did," Steve Jobs


Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Viktor Dukhovni


> On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei wrote:
>
> By the way, is there any plan to port SSL_CTX_load_verify_mem to openssl?

The basic functionality is already there:

If you want to parse in-memory PEM, see the use of PEM_X509_INFO_read_bio() 
[needs documentation] at:

   https://github.com/openssl/openssl/blob/master/apps/crl2p7.c#L179

If you have a PKCS7 DER or PEM structure, there are suitable functions for
pulling out a chain from that.  Then you can set a "trusted stack" for your
X509_STORE_CTX.

-- 
Viktor.



Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Devchandra L Meetei
Thanks Jakob for the hint.
Let me try out the suggested approach.

By the way, is there any plan to port SSL_CTX_load_verify_mem to openssl?

On Tue, Feb 20, 2018 at 9:23 PM, Jakob Bohm wrote:

> On 20/02/2018 16:38, Devchandra L Meetei wrote:
>
>> I have been looking for an API like `SSL_CTX_load_verify_mem` which will
>> load CA[s] from mem buffer.
>>
>> Looks like OpenSSL does not have it yet, is there any other way to work
>> around this?
>
> I think it can be done step by step, at least in 1.0.x:
>
> First allocate an empty STACK_OF X509 certificates
>
> Then loop over your in-memory CA certificates, passing each to d2i_X509,
> then adding the resulting X509 object to the stack.
>
> Finally pass that stack as the CA collection to an appropriate SSL_CTX
> function.
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded



-- 
Warm Regards
--Dev
OpenPegasus Developer


Re: [openssl-users] Loading CA from memory

2018-02-20 Thread Jakob Bohm

On 20/02/2018 16:38, Devchandra L Meetei wrote:
> I have been looking for an API like `SSL_CTX_load_verify_mem` which will
> load CA[s] from mem buffer.
>
> Looks like OpenSSL does not have it yet, is there any other way to work
> around this?

I think it can be done step by step, at least in 1.0.x:

First allocate an empty STACK_OF X509 certificates

Then loop over your in-memory CA certificates, passing each to d2i_X509, 
then adding the resulting X509 object to the stack.


Finally pass that stack as the CA collection to an appropriate SSL_CTX 
function.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] Loading CA from memory

2018-02-20 Thread Devchandra L Meetei
I have been looking for an API like `SSL_CTX_load_verify_mem` which will load
CA[s] from mem buffer.

Looks like OpenSSL does not have it yet, is there any other way to work
around this?

-- 
Warm Regards
--Dev
OpenPegasus Developer