我想要从内存加载证书的任何其他人替换 SSL_CTX_verify_locations(X509," cert.pem",0)函数,我试过
X509_STORE* store = X509_STORE_new();
X509* temp;
BIO* mem;
unsigned char CAPEM[] = {0x13, ..., ...};
store = SSL_CTX_get_cert_store(SSL_CONTEXT)
mem = BIO_new_mem_buf((void*)CAPEM, sizeof(CAPEM));
PEM_read_bio_X509(mem, &temp, 0, 0)
X509_STORE_add_cert(store, temp)
SSL_CTX_set_verify(SSL_CONTEXT, SSL_VERIFY_PEER, 0);
和
SSL_CTX_add_extra_chain_cert(SSL_CONTEXT, temp)
我正在使用openssl 1.0.2,谢谢
答案 0 :(得分:0)
首先需要使用X509_STORE_new()创建证书存储区,然后使用X509_STORE_add_cert()