
I'm trying to use libcurl and I came across this example.

I've tried to use it for one CA and it worked, but when I tried to add another cert by concatenating it to the first one e.g.:

        char *mypem =
        "-----BEGIN CERTIFICATE-----\n"
        "ZXXDdzCCAl+gAwXBAgXEAgXAuTANBgkqXkXG4w0BAQUQADBaZQswCQYDVQQGEwJJRTESZBAGA1UE\n"
        /* More here */            
        "RCwBXbsdtTLSR4X4LtD+gdwyaX614jzV/OeBXRnDJELqYzZp\n"
        "-----END CERTIFICATE-----\n"
        "-----BEGIN CERTIFICATE-----\n"
        "ZXXQnjCCA4agAwXBAgXJANDnLO8E50QXZA0GCSqGSXb3DQEBCwUAZQsxCzAJBgNV\n"
        "BAYTAlVTZQswCQYDVQQXDAJVUzEQZA4GA1UECgwXVXVybXAxZDETZBEGA1UECwwK\n"
        /* More here */
        "YuyZZLPBYprPZbcaEbyYnwgU2zWXNbRQrsBgOrsXULKQlKsT4T+w0ccjZsQtO+XO\n"
        "Bkg=\n"
        "-----END CERTIFICATE-----";

It seems to work only for the first one.

Doesn't this variable mimic a PEM file?

Do I need to define them separately and execute the logic for each?

Is it enough to do it once on the first run of the `sslctx_function` callback or should this be done for every request?

        rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);

Darius
  • You need to add each CA cert individually to the cert store via `X509_STORE_add_cert`. The store can contain multiple CA certificates, thus the name `store`. – Geoffrey Feb 04 '19 at 08:54
  • Possible duplicate of [Read certificate files from memory instead of a file using OpenSSL](https://stackoverflow.com/questions/3810058/read-certificate-files-from-memory-instead-of-a-file-using-openssl) – Geoffrey Feb 04 '19 at 09:01
  • I have updated the question to be more precise and curl-specific – Darius Feb 04 '19 at 19:35
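
The per-certificate handling described in the comment above, as an added example that is not part of the original question or comments: a dependency-free walk over every certificate block of an in-memory PEM bundle, which also rejects a bundle whose blocks were joined incorrectly. `pem_for_each_cert`, `pem_block_cb`, `record_len` and the sample bundle are hypothetical names and constructed data; with OpenSSL, calling `PEM_read_bio_X509` repeatedly on the same memory BIO until it returns NULL performs the same iteration and yields the objects to pass to `X509_STORE_add_cert`.

```c
#include <stdio.h>
#include <string.h>
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Hypothetical per-certificate callback: in the libcurl SSL-context callback
 * this is where one block is parsed and given to X509_STORE_add_cert(). */
typedef int (*pem_block_cb)(const char *block, size_t len, void *arg);

/* Visit every certificate block of an in-memory PEM bundle; a callback returning 0
 * stops the walk. Returns the block count, or -1 when a BEGIN line has no END. */
int pem_for_each_cert(const char *bundle, pem_block_cb cb, void *arg)
{
    int count = 0;
    const char *p = bundle;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *body = p + strlen(PEM_BEGIN);
        const char *end = strstr(body, PEM_END);
        const char *next = strstr(body, PEM_BEGIN);
        if (end == NULL || (next != NULL && next < end))
            return -1;               /* truncated or mis-joined block */
        end += strlen(PEM_END);
        count++;
        if (cb != NULL && !cb(p, (size_t)(end - p), arg))
            break;
        p = end;                     /* continue past this block */
    }
    return count;
}

/* Constructed sample: placeholder base64 bodies, not real certificates. */
static const char sample_bundle[] =
    "-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nQkJCQg==\n-----END CERTIFICATE-----";

/* Example callback: store the length of each block it receives. */
static int record_len(const char *block, size_t len, void *arg)
{
    size_t **out = arg;
    (void)block;
    *(*out)++ = len;
    return 1;
}

int main(void)
{
    size_t lens[8], *w = lens;
    printf("%d certificate blocks\n", pem_for_each_cert(sample_bundle, record_len, &w));
    return 0;
}
```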
