cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Properly Implementing a Patch for CAINFO / ISSUERCERT

From: Georg Wicherski <gw_at_oxff.net>
Date: Wed, 20 Jun 2012 18:36:54 +0200

On 06/19/2012 08:40 AM, Peter Sylvester wrote:
> No, you don't need this. :-) What you want is to hard code some
> data that represents a certificate and use it as trust anchor.
>
> well, openssl x509 -C creates a buffer and length containing the
> data from the cert in der encoding. include this into your
> program. should be 'trivial' (see below).
>
> You can use the ssl initialisation callback,
> decode the cert in you main program, set the
> ssl callback parameter, and in the callback
> add it to the trust STORE.
> no bio, no pem, just d2i_x509.

I just did that and it works like a charm, thanks a lot!
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-20

This message: [ Message body ]
Next message: Felix E. Klee: "Re: curl_multi_socket + libev: monitoring data?"
Previous message: Alexandre BM: "Re: gcc compile problem under ubuntu"
In reply to: Peter Sylvester: "Re: Properly Implementing a Patch for CAINFO / ISSUERCERT"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]