@dchest
Created September 10, 2010 21:13
How to add a certificate from buffer in OpenSSL
X509 *cert;
char *zCert;
BIO *mem;
zCert = // get your certificate text buffer here (C string with certificate in PEM format)
mem = BIO_new(BIO_s_mem());
BIO_puts(mem, zCert);
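cert = PEM_read_bio_X509(mem, NULL, NULL, NULL);
free(zCert);
BIO_free(mem);
// set certificate to sslCtx (cert is NULL if the buffer did not parse)
if (cert != NULL) {
    X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert);
    X509_free(cert); // the store holds its own reference, so release ours
}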
@LesnyRumcajs

I wonder how many other occult functions OpenSSL has - the official documentation doesn't say a word about it even though it's extremely useful. Thanks, my code shrank by many lines!

@YangRongAtGit

YangRongAtGit commented Mar 3, 2021

> I wonder how many other occult functions OpenSSL has - the official documentation doesn't say a word about it even though it's extremely useful. Thanks, my code shrank by many lines!

Actually, the official documentation does state those functions. It's just that the official documentation, for some reason, assumes that every single coder using OpenSSL is super brilliant and does not need any examples. It would be great if the official docs mentioned some common scenarios and presented functions with code examples in some contexts.

@digambaringale333

For anyone else who comes looking, if you have more than one PEM file in zCert, you'll need to loop.

while ((cert = PEM_read_bio_X509(mem, NULL, NULL, NULL)) != NULL) {
    X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert);
    X509_free(cert); // the store holds its own reference, so release ours
}

It's indeed a good solution; I was not aware of it and was struggling to create a store/stack from a certificate chain.
Cheers!

@fklassen

fklassen commented Feb 4, 2023

I believe that to prevent a memory leak you need X509_free(cert);
