PKCS12 client

david kine
I am writing an SSL client which utilizes a PKCS12
keystore.

I am able to create the keystore using OpenSSL
utilities, read the .p12 file using d2i_PKCS12_fp(),
and parse it using PKCS12_parse().  The X509 and
STACK_OF( X509 ) return parameters are all correct.

The next thing I need to do is set the trusted root
certificate authorities into a SSL_CTX.  Normally,
this is done with SSL_CTX_load_verify_locations(),
which reads a PEM file.  However, I already have the
X509 certificates in memory, but I cannot find a
function to load them into the SSL_CTX.

How does one load verify locations into a SSL_CTX from
in-memory X509 certificates?

Thanks!



               
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: PKCS12 client

Goetz Babin-Ebell
david kine wrote:

> I am writing an SSL client which utilizes a PKCS12
> keystore.
>
> I am able to create the keystore using OpenSSL
> utilities, read the .p12 file using d2i_PKCS12_fp(),
> and parse it using PKCS12_parse().  The X509 and
> STACK_OF( X509 ) return parameters are all correct.
>
> The next thing I need to do is set the trusted root
> certificate authorities into a SSL_CTX.  Normally,
> this is done with SSL_CTX_load_verify_locations(),
> which reads a PEM file.  However, I already have the
> X509 certificates in memory, but I cannot find a
> function to load them into the SSL_CTX.
>
> How does one load verify locations into a SSL_CTX from
> in-memory X509 certificates?
You can get the X509_STORE from the SSL_CTX.
There you do an X509_STORE_add_cert()

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many


Re: PKCS12 client

Heikki Toivonen
In reply to this post by david kine
david kine wrote:
> How does one load verify locations into a SSL_CTX from
> in-memory X509 certificates?

I believe you are after X509_STORE_add_cert(). You can use
SSL_CTX_get_cert_store() to get the store from an SSL_CTX.

--
  Heikki Toivonen



Re: PKCS12 client

david kine
In reply to this post by Goetz Babin-Ebell
Thank you Heikki Toivonen and Goetz Babin-Ebell, your
suggestions were very helpful.

-David

> david kine wrote:
>
> > How does one load verify locations into a SSL_CTX from
> > in-memory X509 certificates?
>
> You can get the X509_STORE from the SSL_CTX.
> There you do an X509_STORE_add_cert()

