passing CA bundle as buffer, instead of file path, to X509_STORE_CTX_ functions

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

passing CA bundle as buffer, instead of file path, to X509_STORE_CTX_ functions

Eli Golosovsky
Is there an option, in OpenSSL 1.1.1, to load a CA bundle from memory (buffer / string) instead of loading it from a file?

From my experience, loading a CA bundle can be achieved by using the X509_STORE_CTX_ functions, on an X509_STORE_CTX object, representing the certificate, and finalizing with X509_verify_cert. But I know of no way to load the CA bundle not from disk. 

Thanks in advance,
Ilya Golosovsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: passing CA bundle as buffer, instead of file path, to X509_STORE_CTX_ functions

d3x0r
You can use a BIO_new( BIO_s_mem() ) to feed the memory through BIO_writeand  PEM_read_bio_X509

something like ...

On Tue, Sep 4, 2018 at 8:07 AM Eli Golosovsky <[hidden email]> wrote:
Is there an option, in OpenSSL 1.1.1, to load a CA bundle from memory (buffer / string) instead of loading it from a file?

From my experience, loading a CA bundle can be achieved by using the X509_STORE_CTX_ functions, on an X509_STORE_CTX object, representing the certificate, and finalizing with X509_verify_cert. But I know of no way to load the CA bundle not from disk. 

Thanks in advance,
Ilya Golosovsky
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users