
curl-library

Using a trusted CA certificate from memory

From: Ilan Tayari <ilan_at_cogniview.com>
Date: Sun, 29 May 2011 11:03:54 +0300

Hello all,

First, thank you very much for this wonderful library. We're very
pleased with its flexible abilities!

I'm looking for an option to specify a single trusted root CA
certificate that is already loaded into memory in PEM format.

My situation is that my custom trusted root CA certificate is already
embedded into my executable as a resource (in Windows), and loaded into
memory, and I'm wondering if it can be used in Curl without saving it to
a file first.

I'm looking for an option in Curl that would do, internally, something
akin to:

(this is using OpenSSL. I don't know about other SSLs unfortunately)

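#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

/* Adds one PEM certificate held in memory to the trust store of pCtx.
   Returns 1 on success, 0 on error. */
int SetSingleTrustedCACert(SSL_CTX* pCtx, const char* pPEM, int nSize, int nTrustDepth)
{
     X509* pCert = NULL;
     X509_STORE* pStore = NULL;

     /* Read-only memory BIO over the PEM bytes; nothing is copied */
     BIO* pBio = BIO_new_mem_buf((void*)pPEM, nSize);
     if (pBio == NULL)
         return 0; /* ... Handle error */

     if (PEM_read_bio_X509(pBio, &pCert, 0, NULL) == NULL)
     {
         BIO_free(pBio);
         return 0; /* ... Handle error */
     }
     BIO_free(pBio);

     pStore = SSL_CTX_get_cert_store(pCtx);
     if (pStore == NULL)
     {
         X509_free(pCert); /* do not leak the parsed certificate */
         return 0; /* ... Handle error */
     }

     if (!X509_STORE_add_cert(pStore, pCert))
     {
         X509_free(pCert);
         return 0; /* ... Handle error */
     }

     /* The store keeps its own reference, so ours can be released */
     X509_free(pCert);
     SSL_CTX_set_verify_depth(pCtx, nTrustDepth);

     return 1; /* ... Return success */
}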

Is this possible at all? Or is saving to a file my only option?

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-05-29