On Fri, Feb 03, 2006 at 02:54:38PM -0600, Alberto Alonso wrote:
> I would like to be able to hard code the key/cert in the
> application instead of having files.
>
> Is there something similar to: SSL_CTX_use_PrivateKey_file
> and SSL_CTX_use_PrivateKey_file but that I can use pointers
> memory?
>
> If so, how do I convert the current files into that binary
> data format?
>
> I would also like to have already in memory the cert chain
> for the root cert.
>
> The goal is to distribute a single binary that doesn't depend
> on any external files that can verify that it is connecting
> to the right server.

SSL_CTX_use_PrivateKey_ASN1 takes a pointer to char* and a length. Although, all that does is call d2i_PrivateKey and then SSL_CTX_use_PrivateKey and error check everything...

d2i_* takes a DER encoded something and returns the internal version. So you can, at compile time, build a small app which will read a key/certificate/etc and use an i2d_* routine to DER encode it, dropping that into a file. The file you run through a quick filter to turn into a suitable include file making the binary data a character array. ("od" may help doing this with the right options, or failing that a quick perl script).

Then you can just use the pointer to that into d2i_PrivateKey then SSL_CTX_use_PrivateKey at runtime.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
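
The "quick filter" step from the reply above, as an added example that is not part of the original thread: a build-time script that checks a file really is one complete DER object (not PEM, not truncated) and renders it as a C include file. The script name `der2c.py`, the function names and the array naming scheme are assumptions made for this example.

```python
# Added example: build-time filter that turns a DER file into a C include file.
import sys


def der_sequence_length(data: bytes) -> int:
    """Return the total encoded length of the outer DER SEQUENCE.

    Raises ValueError if data does not start with a definite-length SEQUENCE,
    which is the outer type of X.509 certificates and of private keys.
    """
    if data.startswith(b"-----BEGIN"):
        raise ValueError("input is PEM; convert it to DER first")
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("input does not start with a DER SEQUENCE (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def der_to_c_array(data: bytes, name: str) -> str:
    """Render DER bytes as a C unsigned char array plus a length constant."""
    total = der_sequence_length(data)
    if total != len(data):                # catches truncation and trailing junk
        raise ValueError(f"DER says {total} bytes, file has {len(data)}")
    lines = [f"static const unsigned char {name}[] = {{"]
    for i in range(0, len(data), 12):
        chunk = ", ".join(f"0x{b:02x}" for b in data[i:i + 12])
        lines.append(f"    {chunk},")
    lines.append("};")
    lines.append(f"static const long {name}_len = {len(data)};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # usage (hypothetical file names): der2c.py ca_cert.der ca_cert_der > ca_cert_der.h
    with open(sys.argv[1], "rb") as fh:
        sys.stdout.write(der_to_c_array(fh.read(), sys.argv[2]))
```

The generated array and its `_len` constant are what the d2i_* call or SSL_CTX_use_PrivateKey_ASN1 mentioned in the reply consume at runtime. A private key compiled into a distributed binary can be read out by anyone who has the binary, so for the stated goal of verifying the server it is the CA certificate, not a key, that belongs in the array.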