You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a folder storing root CAs for TLS verification on an embedded Linux. It works fine with TLS connection (Libcurl and asio). I want to manage the root CAs. One of features is to list all root CAs in the truststore. I tried demo code below but it always says no CA found, is there anything wrong in it? OpenSSL 3.4 is used.
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/provider.h>
int main() {
// Initialize OpenSSL algorithms and error strings
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
// Load the default provider
if (!OSSL_PROVIDER_load(NULL, "fips")) {
fprintf(stderr, "Error loading default provider\n");
return 1;
}
// Create a new X509_STORE object
X509_STORE *store = X509_STORE_new();
if (!store) {
fprintf(stderr, "Failed to create X509_STORE object\n");
return 1;
}
// Load certificates into the store (example: loading from a directory)
if (X509_STORE_load_locations(store, NULL, "/mnt/encry/truststore") != 1) {
fprintf(stderr, "Failed to load certificates into store\n");
X509_STORE_free(store);
return 1;
}
// Retrieve all certificates in the store
STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store);
if (sk_X509_num(certs) == 0) {
printf("No certificates found in the store\n");
} else {
printf("Found %d certificates in the store\n", sk_X509_num(certs));
for (int i = 0; i < sk_X509_num(certs); i++) {
X509 *cert = sk_X509_value(certs, i);
char *subject_str = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
if (subject_str) {
printf("Certificate %d subject: %s\n", i + 1, subject_str);
OPENSSL_free(subject_str);
}
}
}
// Clean up
sk_X509_pop_free(certs, X509_free);
X509_STORE_free(store);
ERR_free_strings();
EVP_cleanup();
return 0;
}
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I have a folder storing root CAs for TLS verification on an embedded Linux. It works fine with TLS connection (Libcurl and asio). I want to manage the root CAs. One of features is to list all root CAs in the truststore. I tried demo code below but it always says no CA found, is there anything wrong in it? OpenSSL 3.4 is used.
Beta Was this translation helpful? Give feedback.
All reactions