What would be the equivalent to do the root certificate to be used during validation?
Basically the next step for me is not having to have the SSL_CTX_load_verify_locations call. The SSL_CTX_set_cert_store seems to be what I want, but I don't find documentation on how to create the store in the first place. Thanks, Alberto On Fri, 2006-02-10 at 02:33 +0100, Dr. Stephen Henson wrote: > On Thu, Feb 09, 2006, Xie Grace Jingru-LJX001 wrote: > > > > > If the privkey and cacert have to be hard-coded in the image (by using > > #define), how can I tell SSL to look into these constants for the key and > > cert instead of the default directory? Which SSL routine I need to change to > > let SSL know the new location of the key and certificate? > > > > Well you wont get it with a #define but a variable will do. There are several > methods to do this. > > The OpenSSL "x509" utility has a -C option which will output C code directly. > > Alternatively you can convert the data in DER format using for example: > > openssl x509 -in cert.pem -outform DER -out cert.der > > then the Unix utility "xxd" can convert this to a C array. Then a d2i > ASN1 function can convert the result into an X509 structure. This X509 > structure can then be used to pass the certificate to the SSL library. > > A private key is similar except you use a different d2i function and get an > EVP_PKEY structure. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
