Sure, tomorrow though. My kids don't give me much time to think on computer stuff here at home. ;)
In message <[EMAIL PROTECTED]>, Xie Grace Jingru-LJX001 writes:
>Thanks Chong Peng! It worked.
>
>The only thing I had to change was to pass in parameters in the following
>function calls.
>
>Instead of:
>PEM_read_bio_X509(bio, NULL, NULL, NULL);
>PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
>
>I did:
>PEM_read_bio_X509(bio, NULL, ctx->default_passwd_callback,
>ctx->default_passwd_callback_userdata);
>PEM_read_bio_PrivateKey(bio, NULL, ctx->default_passwd_callback,
>ctx->default_passwd_callback_userdata);
>
>
>Thanks,
>-Grace
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chong Peng
>Sent: Thursday, February 09, 2006 5:36 PM
>To: openssl-users@openssl.org
>Subject: RE: Hard-coded keys and cert in the image
>
>
>forgot one thing, after you have the private key (of type EVP_PKEY) and
>certificate (of type X509), you use:
>
>SSL_CTX_use_certificate(ctx,cert) and SSL_CTX_use_PrivateKey(ctx, pkey)
>
>to read them into your ssl context.
>
>-----Original Message-----
>From: Chong Peng
>Sent: Thursday, February 09, 2006 5:25 PM
>To: openssl-users@openssl.org
>Subject: RE: Hard-coded keys and cert in the image
>
>
>grace:
>
>i believe what you are trying to do is what i did a few days ago. here is how
>you do it:
>
>1. obtain the private key and certificate in "pem" format, e.g., by using the
>following openssl command:
>
>$ openssl genrsa -out key.pem 1024
>$ openssl req -new -key key.pem -out request.pem
>$ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem
>$ openssl x509 -inform der -in certificate.crt -out certificate.pem
>
>this will give you a self signed private key and certificate (in pem format).
>
>2. open the pem files (e.g., key.pem and certificate.pem) in a text editor,
>copy and paste the key and certificate to a c array.
>
>3. your c code is going to look like the following:
>
>#include <openssl/buffer.h>
>#include <openssl/pem.h>
>#include <openssl/evp.h>
>#include <openssl/bio.h>
>#include <openssl/x509.h>
>
>EVP_PKEY *pkey = NULL;
>X509 *cert = NULL;
>
>/* each pem line is its own string literal ending in \n */
>const char skey[] =
>"-----BEGIN RSA PRIVATE KEY-----\n"
>"MIICXAIBAAKBgQC0SF/4JTo3XzffsPeNPbglZ6sz/f/mlUO/CUtB8hk0DTz3V/9r\n"
>"iWagrVHjqaF/xikWFsxbzKecRyDDNyhgMWV8eeAVGpJSvmyJZH43MWO1zCiBXsi2\n"
>"MSHqQAJOfT803qTc3tPCb5k4UK5ytvwpQ8ZIyokrnQJS0FYKsonf3ASjKwIDAQAB\n"
>"AoGAMR3Sv6lsze8sKs5s81cQV2iCFT0rPegGuAJRNZs+0JaWuJCJ7wNVKYtu1wa9\n"
>"EDGtue3mKVB9ja83NthNML/kdOszLc1G6NVnWYSzgBPPsyPAJkSZw8TQKODmw+LF\n"
>"sqGFjC73s49/lWO12Tv8qA0Zf4sXRY9dMiqX5kA5m8OWXfECQQDYkv2B1xfNK41v\n"
>"PPeggVapasX53ZIiOdjc5UuaOWU7GDLhlyyFUCkDdx4eviBAEclWfNSueJNcK1Me\n"
>"pulScGFTAkEA1RoXxsYgFVbZsK1i9hjxEqoWzP7dQBJTWqi/77BaPQvqX12ctVk0\n"
>"pa0sR4XEKxGOBr11XJVlloTjpmm1hwLDyQJBAM25o1IpLhTZIDrgoSE4e0fngzQ9\n"
>"A0m7xYLf1RclGkIuVHbykXn5kVwXVOdDF4OE4cpkPeuV4fUVuplNWCnVUr0CQBWR\n"
>"a4ChwtOGE8hO9ComQhf6gQ5EaU43zJnrZGm09p0hHJqEVf0Ax1RRX57pif4166MA\n"
>"/+Tb9gky7/uCzW2ZuQkCQFUoAhZnV9sQoifQpkCE10J3fZNyNLEvHKU3b4/rwvn7\n"
>"5W618+Fr0DiwBkH07YSWRCVvi8rsYrK2/25DXSbXbD8=\n"
>"-----END RSA PRIVATE KEY-----\n";
>
>const char scert[] =
>"-----BEGIN CERTIFICATE-----\n"
>"MIICeTCCAeICCQDVIB2PKnpDmjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMC\n"
>"VVMxCzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTQU5KT1NFMQ8wDQYDVQQKEwZNQVhY\n"
>"QU4xDDAKBgNVBAsTA0VORzEOMAwGA1UEAxMFY2hvbmcxIzAhBgkqhkiG9w0BCQEW\n"
>"FGNob25ncGVuZ0BtYXh4YW4uY29tMB4XDTA1MTIyMTA0MDcxNloXDTA2MDEyMDA0\n"
>"MDcxNlowgYAxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHU0FO\n"
>"Sk9TRTEPMA0GA1UEChMGTUFYWEFOMQwwCgYDVQQLEwNFTkcxDjAMBgNVBAMTBWNo\n"
>"b25nMSMwIQYJKoZIhvcNAQkBFhRjaG9uZ3BlbmdAbWF4eGFuLmNvbTCBnzANBgkq\n"
>"hkiG9w0BAQEFAAOBjQAwgYkCgYEAtEhf+CU6N18337D3jT24JWerM/3/5pVDvwlL\n"
>"QfIZNA0891f/a4lmoK1R46mhf8YpFhbMW8ynnEcgwzcoYDFlfHngFRqSUr5siWR+\n"
>"NzFjtcwogV7ItjEh6kACTn0/NN6k3N7Twm+ZOFCucrb8KUPGSMqJK50CUtBWCrKJ\n"
>"39wEoysCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX0jTsC73wXYHDhenL2piboCMQ\n"
>"qF96W/YLShYJla3ipc8JG0GHStTjUY4w7KGjDJippRUhddv0CUAilD7EPYusr1oY\n"
>"sk+Tt7QKCSLnued6NZwGnjIV78BmMi5gp5UEotgmPMk6Q6WKl0rVMbiJWqgy9f7b\n"
>"Hk3SUgTCdn/T+ajIFQ==\n"
>"-----END CERTIFICATE-----\n";
>
>
>/* parse the embedded pem private key into the global pkey */
>int serverKey(void)
>{
>    BIO *bio;
>
>    /* sizeof - 1: do not hand the trailing NUL to the pem reader */
>    if( (bio=BIO_new_mem_buf((void *)skey, sizeof(skey) - 1)) == NULL)
>    {
>        return(-1);
>    }
>
>    if( (pkey=PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)) == NULL)
>    {
>        BIO_free(bio);
>        return(-1);
>    }
>
>    BIO_free(bio);
>
>    return(0);
>}
>
>/* parse the embedded pem certificate into the global cert */
>int serverCert(void)
>{
>
>    BIO *bio;
>
>    if( (bio=BIO_new_mem_buf((void *)scert, sizeof(scert) - 1)) == NULL)
>    {
>        return(-1);
>    }
>
>    if( (cert=PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL)
>    {
>        BIO_free(bio);
>        return(-1);
>    }
>
>    BIO_free(bio);
>
>    return(0);
>
>}
>
>this piece of code worked in the embedded system i am working on, hope this
>helps.
>
>chong peng
>
>-----Original Message-----
>From: Xie Grace Jingru-LJX001 [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 09, 2006 9:47 AM
>To: openssl-users@openssl.org
>Subject: Hard-coded keys and cert in the image
>
>
>
>Hello,
>
>If the privkey and cacert have to be hard-coded in the image (by using
>#define), how can I tell SSL to look into these constants for the key and
>cert instead of the default directory? Which SSL routine do I need to change
>to let SSL know the new location of the key and certificate?
>
>All suggestions are appreciated...!
>
>Grace
>
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager [EMAIL PROTECTED]
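
An added example, not code from the thread or from OpenSSL: a key compiled in as a C string, as in the quoted code, sits in the image as plain PEM text, so a release audit can locate it by scanning for PEM armor. The scanner below also reports whether a private key is passphrase-protected, which is the case the password callback in the thread handles; `scan_pem`, `pem_hit` and the sample image are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Added example; all names are hypothetical, not from the thread or OpenSSL. */
struct pem_hit {
    size_t offset, length;         /* "-----BEGIN " through the END line's dashes */
    char label[48];                /* e.g. "RSA PRIVATE KEY", "CERTIFICATE" */
    int is_private, is_encrypted;  /* encrypted keys need a passphrase to load */
};
/* Constructed sample image: binary padding, then PEM armor with dummy bodies. */
static const unsigned char sample_image[] =
    "FWIMG\0\1\2"
    "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n\0"
    "-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n\0\0"
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nR0hJ\n"
    "-----END RSA PRIVATE KEY-----\n";

/* Length-bounded search: images contain NUL bytes, so strstr() cannot be used. */
static const unsigned char *find(const unsigned char *h, size_t hl, const char *n) {
    size_t nl = strlen(n);
    for (size_t i = 0; i + nl <= hl; i++)
        if (memcmp(h + i, n, nl) == 0) return h + i;
    return NULL;
}

/* Report up to max PEM blocks found in img[0..len); returns the number found. */
size_t scan_pem(const unsigned char *img, size_t len, struct pem_hit *hits, size_t max) {
    const unsigned char *p = img, *end = img + len;
    size_t n = 0;
    while (n < max && (p = find(p, (size_t)(end - p), "-----BEGIN "))) {
        const unsigned char *start = p, *lab = p + 11, *e;
        const unsigned char *dash = find(lab, (size_t)(end - lab), "-----");
        size_t ll = dash ? (size_t)(dash - lab) : 0;
        struct pem_hit *h = &hits[n];
        char tail[64];
        p = lab;  /* on a false start, resume just past this marker */
        if (ll == 0 || ll >= sizeof h->label || memchr(lab, '\n', ll) || memchr(lab, 0, ll))
            continue;
        snprintf(h->label, sizeof h->label, "%.*s", (int)ll, (const char *)lab);
        snprintf(tail, sizeof tail, "-----END %s-----", h->label);
        if (!(e = find(dash, (size_t)(end - dash), tail))) continue;
        h->offset = (size_t)(start - img);
        h->length = (size_t)(e - start) + strlen(tail);
        h->is_private = ll >= 11 && strcmp(h->label + ll - 11, "PRIVATE KEY") == 0;
        h->is_encrypted = strstr(h->label, "ENCRYPTED") != NULL ||
                          find(start, h->length, "Proc-Type: 4,ENCRYPTED") != NULL;
        p = start + h->length;
        n++;
    }
    return n;
}
```

Called as `scan_pem(sample_image, sizeof sample_image, hits, 8)`, it returns three hits: an unencrypted private key, a certificate, and an encrypted private key.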