Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Wed, 20 Nov 2002 11:29:26 +0100 (MET), Andreas Jusek <[EMAIL PROTECTED]> said:
a.jusek> Since the connection is always established to the same
a.jusek> server, which is certified by an internal CA, I'm thinking
a.jusek> about hard wiring the CA's cert into the client's code. Does
a.jusek> anyone know how this can be done? How can I put the contents
a.jusek> of the file into an X509 object in the source code? Does
a.jusek> anyone have a better idea how to cope with this situation?
openssl x509 -C -in infile.pem
A more flexible approach is to embed the PEM object (of ANY object) as a C string:
/* The base64 body below is a placeholder; paste the lines of the real PEM file. */
static const char cert[] =
"-----BEGIN CERTIFICATE-----\n\
MIIaaaaaaaaaaaaaaaaaaaaaaaa\n\
aaaaaaaaaaaaaaaaaaaaaaaaaaa\n\
aaaaaaaaaaaaaaaaa==\n\
-----END CERTIFICATE-----\n";
and use BIO *BIO_new_mem_buf(cert, sizeof(cert)) to set up a buffer that can be used with any of the standard tools.
This allows you to embed any object - even private keys. In the latter case you would want to embed an encrypted key and prompt the user for the passphrase.
BTW, I normally use this technique to support things like ephemeral keys. I try to load a user-specified file (e.g., dsaparams.pem), but if none are specified I'll fall back to hardcoded values instead of disabling ephemeral keys.
Bear
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
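One way to produce the embedded C string from a PEM file instead of typing it by hand, as an added example that is not part of the original message or of OpenSSL: the helper name pem_to_c and the sample input are constructed here. It refuses input whose armor lines are not the exact `-----BEGIN <label>-----` / `-----END <label>-----` form, since a string without them cannot be read back as PEM.

```shell
#!/bin/sh
# pem_to_c NAME < file.pem   (added example; pem_to_c is a hypothetical helper)
# Prints a C definition of NAME holding the first PEM block read from stdin.
# Returns 0 on success, 1 for a missing or malformed block, 2 for a bad NAME.
pem_to_c() {
    case "$1" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 2 ;;   # NAME must be a C identifier
    esac
    awk -v name="$1" '
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    !inblk && /^-----BEGIN [A-Z0-9 ]+-----$/ {
        label = substr($0, 12, length($0) - 16) # text between the dash runs
        inblk = 1; n = 0; lines[++n] = $0
        next
    }
    inblk && $0 == ("-----END " label "-----") {
        lines[++n] = $0; ok = 1
        exit                                    # stop after the first block
    }
    inblk {
        # Accept base64, RFC 1421 style headers (Proc-Type, DEK-Info) and
        # blank lines; none of these characters needs escaping in a C string.
        if ($0 !~ "^[A-Za-z0-9+/=:, -]*$") { bad = 1; exit }
        lines[++n] = $0
    }
    END {
        if (bad || !ok) exit 1
        printf "static const char %s[] =\n", name
        for (i = 1; i <= n; i++)
            printf "    \"%s\\n\"%s\n", lines[i], (i == n ? ";" : "")
    }'
}

# Constructed sample: the body is a 5-byte DER SEQUENCE, not a real certificate.
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MAMCAQU=' \
    '-----END CERTIFICATE-----' | pem_to_c ca_pem
```

Redirect the output into a header file and hand the resulting constant to BIO_new_mem_buf as described in the message.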