You might want to check out MatrixSSL (http://www.matrixssl.org) which is a
fairly successful attempt to provide a SSL implementation for embedded systems.
--- On Tue, 9/29/09, Jose Stein wrote:
From: Jose Stein
Subject: OpenSSL RAM usage
To: openssl-users@openssl.org
Date: Tuesday, September
When you specify the flag X509_V_FLAG_CRL_CHECK for the cert verification, then
you will need to have a valid corresponding CRL for the last cert in the cert
chain. And if you specify the flag X509_V_FLAG_CRL_CHECK then you will need to
have corresponding CRLs for all the certs available in the
There is a tiny bug in code above which causes some memory leak. To prevent
that, the line below inside the do {...} while(0) loop:
X509_STORE_CTX *pCertContext =
X509_STORE_CTX_new();
needs to be changed to:
pCertContext = X509_STORE_CTX_new();
The code below should help you to do what you need. (Assuming that pbCA and
pbEndUserCert pointing to memory locations that your CA and end user certs are
loaded to.) An alternative solution can involve using the function
"X509_STORE_load_locations" to let OpenSSL load your CA certs for you inst
