Currently we are storing certificates/keys in the filesystem and using SSL APIs like SSL_CTX_use_certificate_chain_file and SSL_CTX_load_verify_locations to load the certificate chain from the filesystem for server and client purposes.
We want to avoid storing them in the filesystem, and instead read the certificates from our internal database directly. I could find many possible APIs for it, as below:

1) SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
2) SSL_CTX_use_certificate(SSL *ssl, X509 *x);
3) SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
4) int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
5) int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
6) int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
7) int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
8) int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
9) int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
10) int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
11) int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);

and I am confused about which one to use.

For example, which API is the substitute for SSL_CTX_use_certificate_chain_file? Which is the substitute for SSL_CTX_load_verify_locations? Will SSL_CTX_set_cert_store work for both purposes - to load the end-entity + sub-CA certificates for the server, and to load the sub-CAs and root CA for the client?

Thanks and Regards
Zakkir