A small remark to the cod:

There is no need to use the PEM format of a cert. If you use the -C option
of openssl x509, you directly get a cert in a char[] form and its length, so
one can use d2i_X509.

theo borm wrote:

> Daniel Stenberg wrote:
>
>>
>> I liked it so much I added it to the docs/examples dir of the release
>> archives, and it is now available online here:
>>
>> http://curl.haxx.se/lxr/source/docs/examples/cacertinmem.c
>>
>> I hope you don't mind.
>>
> no problem.
>
> Please keep in mind that if you fetch multiple HTTPS URLS, the
> CURLOPT_SSL_CTX_FUNCTION callback function will be
> called for every transfer, and (re-) loading the same certificate the
> second/third etc. time will (should) fail.
>
> Loading certificate(s) should (in most cases) be a one-time per
> program initialization event, which could easily be achieved
> by calling (SSL_CTX *)curl_easy_get_SSL_context(void)
> (to be written) to get a pointer to the SSL context and doing
> the nescessary modifications once.
>
> Would there be objections to extending the API?
>
> Cheers, Theo
>
>
>

-- 
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité; 
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.