In-memory SSL_CTX_use_certificate_chain_file?

J Decker d3ck0r at gmail.com
Mon Mar 18 00:28:27 UTC 2019


On Sun, Mar 17, 2019 at 5:17 PM Felipe Gasper <felipe at felipegasper.com>
wrote:

>
>
> On Mar 17, 2019, at 7:55 PM, J Decker <d3ck0r at gmail.com> wrote:
>
>
> On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper <felipe at felipegasper.com>
> wrote:
>
>> Buffer, not buffet. Silly autocorrect!
>>
>> -F
>>
>> > On Mar 17, 2019, at 7:21 PM, Felipe Gasper <felipe at felipegasper.com>
>> wrote:
>> >
>> > Hello,
>> >
>> > Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM
>> buffet that’s already in memory?
>>
> SSL_CTX_use_certificate( ses->ctx, sk_X509_value( ses->cert->chain, 0 ) );
> ?
> SSL_CTX_add_extra_chain_cert( ses->ctx, sk_X509_value( ses->cert->chain, n ) );
>
>
> Yeah, but then I have to determine how many certs are in the bundle, parse
> it, etc. I was hoping to get a function that does all of that in one fell
> swoop like the ..._file() function.
>
> I mean, I guess I can copy/paste and tweak for now. Would a refactor in a
> PR be of interest?
>
>
The top of this takes the input, uses a BIO to parse it into an X509 stack, and
then uses the stack to set up the ctx...

https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L665-L753


> -FG
>
>
>