Resending since the previous post attempt failed
On Mon, Aug 18, 2014 at 12:52 PM, zakkir hussain Kharim <zakkir.kha...@gmail.com> wrote:

> Currently we are storing certificates/keys in filesystem and using the SSL
> APIs like SSL_CTX_use_certificate_chain_file and
> SSL_CTX_load_verify_locations to load the certificate chain from file
> system for server and client purpose.
>
> We want to avoid storing in filesystem, but read the certificates from our
> internal database directly. I could find many possible APIs for it as below
>
> 1) SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
> 2) SSL_CTX_use_certificate(SSL *ssl, X509 *x);
> 3) SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
> 4) int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
> 5) int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
> 6) int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
> 7) int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
> 8) int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
> 9) int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
> 10) int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
> 11) int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
>
> and I am confused which one to use.
>
> For example which API is the substitute for
> SSL_CTX_use_certificate_chain_file?
> Which is the substitute for SSL_CTX_load_verify_locations? Will
> SSL_CTX_set_cert_store
> work for both the purposes - to load End entity + sub CA certificates for
> server and to load sub CAs and root CA for the client?
>
> Thanks and Regards
> Zakkir