> > I need a way to call something in OpenSSL to tell OpenSSL that our own
> > little certificate authority is trusted.  Does anybody know what I need
> > to do?
> 
> Fast easy way would be to specify name of the file with your CA
> certificate inside:
> SSL_CTX_load_verify_locations(ctx, file, NULL)

Is there any way to do this that doesn't involve having the certificate in a
file, but can do it with a certificate in memory? I'm writing some
client-server code where the user of the client is not trusted (yes, I know
that I'm assuming they don't know how to use a debugger to crack software), and I'd
like it to not be possible for the user to replace our CA certificate with
their own, construct a fake server (not that hard for this particular
client), authenticate it with their own CA certificate, and then run the
client against the fake server rather than our server. If the CA certificate
were hard-coded in the executable, that would be a lot harder for them to
do. My current plan is to write the CA certificate out to file just before I
open the connection, but if there's a more elegant solution I'd love to know
how to do it.

--Roger Dearnaley <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
