Boost Users :

From: Eugene M. Kim (gene_at_[hidden])
Date: 2008-03-07 16:47:26


If you really need to use your own certificates, allocate and populate
your own ::X509_STORE instance and pass it to ::SSL_CTX_set_cert_store()
instead of calling ::SSL_CTX_load_verify_locations().
(SSL_CTX_load_verify_locations() internally uses the same X509_STORE
structure.)

However, there is no public documentation of X509_STORE as of yet (see
SSL_CTX_set_cert_store(3)) so you may have to dig into the OpenSSL
source code in order to figure out exactly how you fill the structure out.

This is getting off-topic for this list; you may want to direct further
questions to openssl-users_at_openssl.org. And in order to make this email
on-topic (well, kind of), I'm going to re-iterate: Use
boost::asio::ssl::context::impl() to obtain the underlying SSL_CTX
pointer, with which you can use virtually all SSL_CTX_* functions from
OpenSSL. :-)

Eugene

j.c. wrote:
> (Certificate files might be encrypted as well from the technical point
> of view, it however does not make sense as the data in the certificate
> is considered public anyway.)
> On Mar 6, 2008, at 2:19 PM, j.c. wrote:
>
>
>> What is the security risk in the ca.pem to be placed on end-users
>> machines?
>>
>> Thanks,
>> j.c.



