cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: OpenSSL: Multiple CA paths

From: pcworld <0188801_at_googlemail.com>
Date: Sat, 28 Jul 2012 20:17:48 +0200

Am 22.07.2012 10:42, schrieb Oscar Koeroo:
> The normal file and hash_dir call is actually two calls, one to
> X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); and one to
> X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir()); with
> X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM) and
> X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM) respectively to extend
> the lookup methods in the SSL_CTX_STORE.
Thank you very much! The following seems to have worked:

static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) {
     X509_STORE *store = SSL_CTX_get_cert_store((SSL_CTX*) sslctx);
     X509_LOOKUP *lookup = X509_STORE_add_lookup(store,
X509_LOOKUP_hash_dir());
     X509_LOOKUP_add_dir(lookup, "/first/cert/dir", X509_FILETYPE_PEM);
     X509_LOOKUP_add_dir(lookup, "/second/cert/dir", X509_FILETYPE_PEM);
     X509_LOOKUP_add_dir(lookup, "/another/cert/dir", X509_FILETYPE_PEM);

     return CURLE_OK;
}

curl_easy_setopt(handle, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-07-28