I am using OpenSSL to verify a server's certificate. Since OpenSSL is shipped without any built-in root CAs, we must distribute the root CA certificate ourselves with our software (we statically-link OpenSSL). Ordinarily, the way to do this is to distribute a certificate file in PEM format and call SSL_CTX_load_verify_locations.
However, this function takes a file/directory path and reads the root certificate file(s) directly from the filesystem. We would really like to be able to hard-code the certificate into our binary instead of saving it to the filesystem.
In other words, we would really like to have a function like SSL_CTX_load_verify_locations that takes an X509* instead of a file-path.
Does something like this exist? or is there an easy way to hack it together ourselves? We can't seem to find much information about this.
Thank you very much for any suggestions!