In-memory SSL_CTX_use_certificate_chain_file?


In-memory SSL_CTX_use_certificate_chain_file?

Felipe Gasper-2
Hello,

Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM buffet that’s already in memory?

Thank you!

-F

Re: In-memory SSL_CTX_use_certificate_chain_file?

Felipe Gasper-2
Buffer, not buffet. Silly autocorrect!

-F

> On Mar 17, 2019, at 7:21 PM, Felipe Gasper <[hidden email]> wrote:
>
> Hello,
>
> Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM buffet that’s already in memory?
>
> Thank you!
>
> -F


Re: In-memory SSL_CTX_use_certificate_chain_file?

d3x0r


On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper <[hidden email]> wrote:
Buffer, not buffet. Silly autocorrect!

-F

> On Mar 17, 2019, at 7:21 PM, Felipe Gasper <[hidden email]> wrote:
>
> Hello,
>
> Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM buffet that’s already in memory?
SSL_CTX_use_certificate( ses->ctx, sk_X509_value( ses->cert->chain, 0 ) ); ? 
SSL_CTX_add_extra_chain_cert( ses->ctx, sk_X509_value( ses->cert->chain, n ) );

and/or maybe

X509_STORE *store = SSL_CTX_get_cert_store( ses->ctx );
X509_STORE_add_cert( store, cert );

>
> Thank you!
>
> -F


Re: In-memory SSL_CTX_use_certificate_chain_file?

Felipe Gasper-2


On Mar 17, 2019, at 7:55 PM, J Decker <[hidden email]> wrote:

On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper <[hidden email]> wrote:
Buffer, not buffet. Silly autocorrect!

-F

> On Mar 17, 2019, at 7:21 PM, Felipe Gasper <[hidden email]> wrote:
>
> Hello,
>
> Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM buffet that’s already in memory?
SSL_CTX_use_certificate( ses->ctx, sk_X509_value( ses->cert->chain, 0 ) ); ? 
SSL_CTX_add_extra_chain_cert( ses->ctx, sk_X509_value( ses->cert->chain, n ) );

Yeah, but then I have to determine how many certs are in the bundle, parse it, etc. I was hoping to get a function that does all of that in one fell swoop like the ..._file() function.

I mean, I guess I can copy/paste and tweak for now. Would a refactor in a PR be of interest?

-FG



Re: In-memory SSL_CTX_use_certificate_chain_file?

d3x0r


On Sun, Mar 17, 2019 at 5:17 PM Felipe Gasper <[hidden email]> wrote:


On Mar 17, 2019, at 7:55 PM, J Decker <[hidden email]> wrote:

On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper <[hidden email]> wrote:
Buffer, not buffet. Silly autocorrect!

-F

> On Mar 17, 2019, at 7:21 PM, Felipe Gasper <[hidden email]> wrote:
>
> Hello,
>
> Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM buffet that’s already in memory?
SSL_CTX_use_certificate( ses->ctx, sk_X509_value( ses->cert->chain, 0 ) ); ? 
SSL_CTX_add_extra_chain_cert( ses->ctx, sk_X509_value( ses->cert->chain, n ) );

Yeah, but then I have to determine how many certs are in the bundle, parse it, etc. I was hoping to get a function that does all of that in one fell swoop like the ..._file() function.

I mean, I guess I can copy/paste and tweak for now. Would a refactor in a PR be of interest?


that top of this takes the input, uses bio to parse into x509 stack, and then uses the stack setting up the ctx...

 
-FG