>From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
>Sent: Tuesday, 08 January, 2013 08:34
>X509_STORE_add_cert() would add a certificate to the list of trusted
>certificates in the ctx. What is the way to remove a certificate from
>this trusted store? Am not finding any function to remove the certificate.
>Can anyone of you suggest a way to remove the certificate from this trusted
>store? Or is there a way to make an already loaded certificate an untrusted one?

I presume you mean an SSL_CTX and certs trusted for SSL authentication.
(OpenSSL can use, and trust, certs for other purposes.)

1. An X509 object representing a cert in OpenSSL has an associated "aux"
   field of OpenSSL-added data including (optionally?) some trust settings.
   There are too many twisty passages for me to track down exactly what
   values can be in here, and what if any does what you want.

2. The data in an X509_STORE is just a STACK_OF(X509_OBJECT). I don't see
   any official API, but you could just grab x->objs and sk_*_delete from it.
   You probably need to do downref/free to avoid a leak, and to do locking
   if your program(s) will or might use this while multithreading.

3. If you want an official if clumsy way, create a new X509_STORE,
   initialize and fill it with everything from the existing one except
   the cert(s) you want to omit, and then use it.