cURL / Mailing Lists / curl-library / Single Mail


Re: Properly Implementing a Patch for CAINFO / ISSUERCERT

From: Georg Wicherski <>
Date: Wed, 20 Jun 2012 18:36:54 +0200

On 06/19/2012 08:40 AM, Peter Sylvester wrote:
> No, you don't need this. :-) What you want is to hard code some
> data that represents a certificate and use it as trust anchor.
> well, openssl x509 -C creates a buffer and length containing the
> data from the cert in der encoding. include this into your
> program. should be 'trivial' (see below).
> You can use the ssl initialisation callback,
> decode the cert in you main program, set the
> ssl callback parameter, and in the callback
> add it to the trust STORE.
> no bio, no pem, just d2i_x509.

I just did that and it works like a charm, thanks a lot!
List admin:
Received on 2012-06-20