Hello,
I am developing an SSL-secured client/server application. In one special
case, the client machine isn't trusted to be secure. Therefore I can not
put a CA's certificate into the filesystem, because otherwise an attacker
could exchange it and redirect the next connection to the server to his own
machine being certified by the fakeed CA's cert.
Since the connection is always established to the same server, which is
certified by an internal CA, I'm thinking about hard wiring the CA's cert
into the clinet's code. Does anyone know how this can be done? How can I
put the contents of the file into an X509 object in the source code?
Does anyone have a better idea how to cope with this situation?
Many thanks!
Best regards
Andreas Jusek
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
