[openssl-users] Loading CA from memory

Viktor Dukhovni openssl-users at dukhovni.org
Wed Feb 21 04:28:03 UTC 2018



> On Feb 20, 2018, at 12:58 PM, Devchandra L Meetei <dlmeetei at gmail.com> wrote:
> 
> By the way, Is there any plan to port SSL_CTX_load_verify_mem to openssl?

The basic functionality is already there:

If you want to parse in-memory PEM, see the use of PEM_X509_INFO_read_bio() [needs documentation] at:

   https://github.com/openssl/openssl/blob/master/apps/crl2p7.c#L179

if have a PKCS7 DER or PEM structure, there are suitable functions for pulling
out a chain from that.  Then you can set a "trusted stack" for your X509_STORE_CTX.

-- 
	Viktor.



More information about the openssl-users mailing list