Hi Simon, That would be extremely complex. From what I can see Synapse doesn't have any support for that. When calling the openssl library directly the only way I see is to implement your own certificate verification callback function using SslCtxSetVerify() and/or SSL_CTX_set_cert_verify_callback() (good luck!!!). OpenSSL is coming from unix where everything is a file, hence ....
But why would you want to so? Root CA's are a moving target. The file on curl.haxx.se for example is auto-generated on a weekly basis. If distributing the root ca file is the concern you can always include it in your program as a resource and save the data to disk when executing your program. Ludo -----Message d'origine----- De : Simon L [mailto:sim...@gmail.com] Envoyé : mercredi 23 février 2011 05:05 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : [HttpSend] How to verify server'scertificate? Hi Ludo, Is it possible to store the root CA in memory instead of in an external file? Thanks. Simon On Tue, Feb 15, 2011 at 5:32 AM, Ludo Brands <ludo.bra...@free.fr> wrote: > Hi Simon, > > If HTTPMethod returns false then check HTTP.Sock.SSL.LastErrorDesc. > > When it says something like 'error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' and > the site opens correctly in your browser, then openssl probably hasn't > any root certificate authorities to compare with. As > www.openssl.org/support/faq.html says: "The OpenSSL software is > shipped without any root CA certificate as the OpenSSL project does > not have any policy on including or excluding any specific CA and does > not intend to set up such a policy. Deciding about which CAs to > support is up to application developers or administrators. " > > Ludo > > > -----Message d'origine----- > De : Simon L [mailto:sim...@gmail.com] > Envoyé : lundi 14 février 2011 22:46 > À : Ararat Synapse > Objet : Re: [Synalist] RE : [HttpSend] How to verify server's > certificate? > > > Hi Ludo, > > Unfortunately this doesn't seem to work. > > When HTTP.Sock.SSL.VerifyCert is true, HTTPMethod returns > immediately. Please advise. Thanks. > > > Simon > > On Sun, Feb 13, 2011 at 9:00 AM, Ludo Brands <ludo.bra...@free.fr> > wrote: >> Hi, >> >> HTTP := THTTPSend.Create; >> HTTP.Sock.SSL.VerifyCert:=true; >> .... >> >> does the certificate verification. Works apparently only with the >> openssl library. >> >> Ludo >> >> >> -----Message d'origine----- >> De : Simon L [mailto:sim...@gmail.com] >> Envoyé : dimanche 13 février 2011 12:06 >> À : synalist-public@lists.sourceforge.net >> Objet : [Synalist] [HttpSend] How to verify server's certificate? >> >> >> Before data is transfered over an HTTPS connection, I want to make >> sure that the website's certificate is genuine. >> >> How to do that? Thanks. >> >> Simon >> >> --------------------------------------------------------------------- >> - >> ------ >> -- >> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: >> Pinpoint memory and threading errors before they happen. Find and fix more >> than 250 security defects in the development cycle. Locate bottlenecks in >> serial and parallel code that limit performance. >> http://p.sf.net/sfu/intel-dev2devfeb >> _______________________________________________ >> synalist-public mailing list synalist-public@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/synalist-public >> >> >> --------------------------------------------------------------------- >> - >> -------- >> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: >> Pinpoint memory and threading errors before they happen. >> Find and fix more than 250 security defects in the development cycle. >> Locate bottlenecks in serial and parallel code that limit performance. >> http://p.sf.net/sfu/intel-dev2devfeb >> _______________________________________________ >> synalist-public mailing list >> synalist-public@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/synalist-public >> > > ---------------------------------------------------------------------- > ------ > -- > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. Find and fix more > than 250 security defects in the development cycle. Locate bottlenecks in > serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > synalist-public mailing list synalist-public@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/synalist-public > > > ---------------------------------------------------------------------- > -------- > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > synalist-public mailing list > synalist-public@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/synalist-public > ---------------------------------------------------------------------------- -- Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
