On Wed, Apr 02, 2008, GeraGray wrote:

> Hi,
>
> My server application now reads server and root certificates from
> files, like that:
> SSL_CTX_use_certificate_chain_file(ctx, ser_cert);
> SSL_CTX_use_PrivateKey_file(ctx, ser_key, SSL_FILETYPE_PEM);
> SSL_CTX_load_verify_locations(ctx, rootcert, NULL);
>
> But for security reasons it been decided that certifictes should not
> be stored in the file system but keep in the memory. I found a
> replacement for the 1st and 2nd function (where buf is a char array
> with certificates):
> SSL_CTX_use_certificate_ASN1(ctx, len, buf);
> SSL_CTX_use_PrivateKey_ASN1(ctx, len, buf);
>
> but i can't find anything similar for loading root certificate. Does
> anybody know a way to load root certificate from memory?
>


You convert the certiifcate into an X509 structure using d2i_X509() then
retrieve the SSL_CTX store using SSL_CTX_get_store. Add the cert
using X509_STORE_add_cert(). Finally free up the X509 structure with
X509_free().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org