(C) Use a Custom Set of Trusted Root Certificates

Demonstrates how to build a set of trusted root certificates to be used globally by all Chilkat classes.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkTrustedRoots.h>
#include <C_CkZip.h>
#include <C_CkZipEntry.h>
#include <C_CkCert.h>

void ChilkatSample(void)
    {
    HCkTrustedRoots trustedRoots;
    HCkZip zip;
    BOOL success;
    HCkZipEntry entry;
    HCkZipEntry nextEntry;
    const char *pemStr;
    HCkCert cert;
    BOOL bHasMoreEntries;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    trustedRoots = CkTrustedRoots_Create();

    //  Indicate that we will NOT trust any pre-installed certificates on the system.
    CkTrustedRoots_putTrustSystemCaRoots(trustedRoots,FALSE);

    // Thawte is a certificate authority that provides a .zip download of their
    // root CA certificates:  https://www.thawte.com/roots/index.html
    // The direct download link is: https://www.verisign.com/support/thawte-roots.zip
    // Note: The above URLs are valid at the time of writing this example (29-May-2015).

    // Assuming the .zip has already been downloaded, open it and load each .pem file into
    // our trusted roots object.
    zip = CkZip_Create();

    // Open a .zip containing PEM files, among other things..
    success = CkZip_OpenZip(zip,"qa_data/certs/thawte-roots.zip");
    if (success != TRUE) {
        printf("%s\n",CkZip_lastErrorText(zip));
        CkTrustedRoots_Dispose(trustedRoots);
        CkZip_Dispose(zip);
        return;
    }

    entry = CkZip_FirstMatchingEntry(zip,"*.pem");
    if (CkZip_getLastMethodSuccess(zip) != TRUE) {
        printf("No entries matched.\n");
        CkTrustedRoots_Dispose(trustedRoots);
        CkZip_Dispose(zip);
        return;
    }

    cert = CkCert_Create();

    bHasMoreEntries = TRUE;
    while ((bHasMoreEntries == TRUE)) {

        printf("Entry: %s\n",CkZipEntry_fileName(entry));

        // Get the PEM of the CA cert:
        pemStr = CkZipEntry_unzipToString(entry,0,"utf-8");

        // Load it into a certificate object:
        success = CkCert_LoadPem(cert,pemStr);
        if (success != TRUE) {
            printf("%s\n",CkCert_lastErrorText(cert));
        }

        // Add it to the trusted roots.
        CkTrustedRoots_AddCert(trustedRoots,cert);

        // The NextMatchingEntry method was added in v9.5.0.50
        nextEntry = CkZipEntry_NextMatchingEntry(entry,"*.pem");
        bHasMoreEntries = CkZipEntry_getLastMethodSuccess(entry);

        CkZipEntry_Dispose(entry);
        entry = nextEntry;
    }

    //  Activate the trusted roots globally for all Chilkat objects.
    //  This call really shouldn't fail, so we're not checking the return value.
    success = CkTrustedRoots_Activate(trustedRoots);


    CkTrustedRoots_Dispose(trustedRoots);
    CkZip_Dispose(zip);
    CkCert_Dispose(cert);

    }