Re: Reading SSL certs from buffer

2012-06-14 Thread Peter Sylvester

On 06/14/2012 07:11 AM, Dmitry Ponomarev wrote:

I haven't. But actually it is one function call. I'm sure that OpenSSL has 
that ability. Also I can check other SSL libs for it to work out.

But I assume you are interested in such a feature, aren't you?
In the worst case we can do that only for those SSL libs that support certs from 
a buffer. For those which do not, we can return some error code when setopt gets 
called.



curl can use the OpenSSL SSL callback to fill the trust store;
you might look into an old piece of code in the examples, curlx.
It takes at least one CA (obtained from a PKCS12) and adds
it to the STORE. openssl x509 -C provides a method to
create a C snippet containing a cert in a static buffer.

I think it would be indeed interesting to enhance the certtype
by a buffer to a list of certs to make this available for
all ssl libraries.

/PS



---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html


Reading SSL certs from buffer

2012-06-13 Thread Дмитрий Пономарёв
Hello all.


I have a question about a feature that I've implemented in curl locally for my
purposes. I have CYASSL + CURL.

In my project there is a need to set certs not from a file but using a
buffer. I haven't found that possible in the current implementation. I have
implemented it using a list approach like with slist. So several buffers can
be joined together. A list node stores a pointer to the buffer (not the
pointed-to data itself), the length of the data and the format.

Guys, if you are interested in such a feature I can prepare patches and send
them.

Thank you in advance.

-- 
WBR
Dmitry E. Ponomarev
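
The list described in this post (a node holding a borrowed pointer, a length and a format, chained like an slist) could look like the sketch below, with a length-bounded structural check of how many certificates each buffer appears to carry before it is handed to a TLS backend. This is an added example, not code from the thread or from curl; every type and function name in it is hypothetical, and the check looks only at PEM markers or the DER tag, not at certificate validity.

```c
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; this is not curl's API. */
enum certfmt { CERTFMT_PEM, CERTFMT_DER };
struct certbuf {
  const unsigned char *data; /* borrowed: caller keeps it alive while in use */
  size_t len;                /* explicit length, no NUL terminator assumed */
  enum certfmt fmt;
  struct certbuf *next;
};

/* Append slist-style; returns the head, or NULL on bad input / no memory. */
struct certbuf *certbuf_append(struct certbuf *head, const void *data,
                               size_t len, enum certfmt fmt)
{
  struct certbuf *n, **tail = &head;
  if(!data || !len || !(n = malloc(sizeof(*n))))
    return NULL;
  n->data = data; n->len = len; n->fmt = fmt; n->next = NULL;
  while(*tail)
    tail = &(*tail)->next;
  *tail = n;
  return head;
}

/* Length-bounded substring search: never reads past p + n. */
static const unsigned char *find(const unsigned char *p, size_t n, const char *s)
{
  size_t m = strlen(s);
  for(; n >= m; p++, n--)
    if(!memcmp(p, s, m)) return p;
  return NULL;
}

/* Certificates a node appears to hold, or -1 if malformed (DER: tag only). */
int certbuf_count(const struct certbuf *n)
{
  const char *B = "-----BEGIN CERTIFICATE-----", *E = "-----END CERTIFICATE-----";
  const unsigned char *p = n->data, *end = p + n->len;
  int count = 0;
  if(n->fmt == CERTFMT_DER) return (n->len > 2 && p[0] == 0x30) ? 1 : -1;
  while((p = find(p, (size_t)(end - p), B)) != NULL) {
    if(!(p = find(p, (size_t)(end - p), E))) return -1; /* truncated block */
    p += strlen(E);
    count++;
  }
  return count ? count : -1;
}
```

Because the nodes only borrow the caller's memory, each buffer has to outlive every transfer that uses the list, and only the nodes themselves are freed afterwards.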

Re: Reading SSL certs from buffer

2012-06-13 Thread Dmitry Ponomarev
I haven't. But actually it is one function call. I'm sure that OpenSSL has 
that ability. Also I can check other SSL libs for it to work out.

But I assume you are interested in such a feature, aren't you?
In the worst case we can do that only for those SSL libs that support certs from 
a buffer. For those which do not, we can return some error code when setopt gets 
called.

I'm asking all this since I have limited resources and need to carefully estimate 
that work and be sure it could be useful not only for me.

Thank you in advance. 

WBR, Dmitry Ponomarev

On Jun 14, 2012, at 1:23 AM, Daniel Stenberg dan...@haxx.se wrote:

 On Wed, 13 Jun 2012, Дмитрий Пономарёв wrote:
 
 In my project there is a need to set certs not from a file but using a buffer. 
 I haven't found that possible in the current implementation. I have implemented 
 it using a list approach like with slist. So several buffers can be joined 
 together. A list node stores a pointer to the buffer (not the pointed-to data 
 itself), the length of the data and the format.
 
 Guys, if you are interested in such a feature I can prepare patches and send 
 them.
 
 Sounds very interesting! Have you looked anything at all at how hard/easy 
 that is to do for any other SSL library?
 
 -- 
 
 / daniel.haxx.se