In a similar way, you could generate your own BIO by BIO_new_mem_buf((void*) cacert, len). Then call PEM_X509_INFO_read_bio, then e.g. for x509, use X509_STORE_add_cert for each one in sk_x509_INFO_num().

Hope this helps

Huaqing

On Wed, Jan 11, 2012 at 2:47 PM, Wojciech Kocjan <wojci...@kocjan.org> wrote:

> Hello,
>
> I am working on reworking existing code that uses several OpenSSL APIs
> from using files to store keys, certificates and CAs to passing this
> directly from memory (so that it can be retrieved from memory, read
> from encrypted storage among other things).
>
> This is my first post here, so if this is not the correct group and/or
> anything below seems obvious/completely incorrect, please feel free to
> correct me.
>
> Our code currently uses the following APIs:
>
> - SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file
>
> This part seems easier. From what I understand, I can use BIO_s_mem
> and pass it key/certificate data from memory. I could then use PEM to
> get EVP_PKEY or X509.
>
> Then I could just invoke SSL_CTX_use_certificate() and
> SSL_CTX_use_PrivateKey() directly.
>
> In practice it may be a bit more complex, but at least I know the solution.
>
> - SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_lis
>
> This part is the harder one. I was not able to find any APIs to do this.
>
> Another alternative I was wondering about is whether I can provide
> another way for OpenSSL to access the keys - i.e. so that I can tell
> that filename is something like mystorage://key1.pem and OpenSSL would
> use my BIO (or create BIO_s_mem and preload it with data) instead of
> BIO_s_file.
>
> Thanks.
>
> --
> WK
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org

--
Thank you.
Best Regards,
Michael(Huaqing) Wang