#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>

X509 *cert;
char *zCert;
BIO *mem;
zCert = // get your certificate text buffer here (C string with certificate in PEM format)
mem = BIO_new(BIO_s_mem());
BIO_puts(mem, zCert);
cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
free(zCert);
BIO_free(mem);
// set certificate to sslCtx
X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert);
Great! Many thanks, that's exactly what I'm looking for.
I wonder how many other occult functions OpenSSL has - the official documentation doesn't say a word about it even though it's extremely useful. Thanks, my code shrank by many lines!
Actually, the official documentation states those functions. It's just that the official documentation, for some reason, assumes that every single coder using OpenSSL is super brilliant and does not need any examples. It would be great if the official docs mentioned some common scenarios and presented functions with code examples in some contexts.
For anyone else who comes looking, if you have more than one PEM file in zCert, you'll need to loop.
while (cert = PEM_read_bio_X509(mem, NULL, 0, NULL)) { X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert); }
It's indeed a good solution, I was not aware of it and was struggling to create a store/stack from a certificate chain.
Cheers!
I believe that to prevent a memory leak you need X509_free(cert);