Greg Stark wrote:
>
> I want my SSL client to load its trusted root certificates from memory, not
> from a file. Ideally, I'd like an equivalent to
>
> SSL_CTX_load_verify_locations( ctx, FileName, NULL)
>
> but instead of FileName takes something like a STACK_OF(X509) or whatever. I
> don't have any problem getting the certs into memory, it is getting them
> into the right spots in the SSL_CTX that I am having trouble with. I traced
> through the SSL_CTX_load_verify_locations() code a little ways and
> immediately was confronted with X509_LOOKUP methods and other
> horrors. I found some possibly relevant bits of code in verify.c, but
> perhaps someone has already solved this problem.
>
Try extracting the X509_STORE structure from the SSL_CTX using
SSL_CTX_get_cert_store() then add certificates using
X509_STORE_add_cert().
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
