On 06/14/2012 07:11 AM, Dmitry Ponomarev wrote:
> I haven't. But I actually it is one function call. I'm sure that OpenSSL has that ability. Also I can check other SSL libs for it to workout.
>
> But I assume you are interested in such a feature, aren't you?
> In worst case we can do that only for those ssl libs that supports certs from buffer. For those which do not we can return some error code when setopt get called.
>
>
curl can use the openssl ssl callback to fill the trust store
you might look into an old piece of code in the examples "curlx".
It takes at least one CA (obtained from a pkcs12) and adds
it to the STORE. openssl x509 -C provides a method to
create a c snippet containing a cert in a static buffer.

I think it would be indeed interesting to enhance the certtype
by a buffer to a list of certs to make this available for
all ssl libraries.

/PS

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-14