0

I'm doing specs for my company and I am confronted with a serious problem: One of our supported embedded system does not have any file system.

Yes, if a fopen occurs or any I/O, the system reboots.

I'm only working on server side. Certificate self generated.

So, how can I load a certificate in OpenSSL ? I've seen on several example on the internet, people generates it then write it in a file but I can't do that. Is that mandatory ?

Thank you

jww
  • 97,681
  • 90
  • 411
  • 885
Render
  • 41
  • 6
  • 1
    [Read certificate files from memory instead of a file using OpenSSL](http://stackoverflow.com/q/3810058/608639). – jww Mar 23 '17 at 14:16

1 Answers1

3

No, its not mandatory. OpenSSL uses an X509 object to store a certificate. You could use the d2i_X509() function to load the raw (DER format) certificate from some in memory binary "const" data.

https://www.openssl.org/docs/man1.1.0/crypto/d2i_X509.html

Alternatively, if you'd prefer to store the data in the ASCII printable PEM format you could use PEM_read_bio_X509() to load the certificate from a mem BIO (see BIO_new_mem_buf()) - which again could source the certificate from some in-memory "const" data: https://www.openssl.org/docs/man1.1.0/crypto/PEM_read_bio_X509.html https://www.openssl.org/docs/man1.1.0/crypto/BIO_new_mem_buf.html

You don't say what you want to use the certificate for - but if it is SSL/TLS then just call SSL_CTX_use_certificate() with the X509 object that you created above.

Matt Caswell
  • 8,167
  • 25
  • 28
  • Thank you ! I followed this thread : http://stackoverflow.com/questions/256405/programmatically-create-x509-certificate-using-openssl and used the function SSL_CTX_use_certificate() with the X509 Thank you again !! – Render Mar 24 '17 at 08:35