Sample code for 30+ languages & platforms
C

Use a Custom Set of Trusted Root Certificates

See more Certificates Examples

Demonstrates how to build a set of trusted root certificates to be used globally by all Chilkat classes.

Chilkat C Downloads

C
#include <C_CkTrustedRoots.h>
#include <C_CkZip.h>
#include <C_CkZipEntry.h>
#include <C_CkCert.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkTrustedRoots trustedRoots;
    HCkZip zip;
    HCkZipEntry entry;
    const char *pemStr;
    HCkCert cert;
    const char *pattern;
    BOOL bHasMoreEntries;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    trustedRoots = CkTrustedRoots_Create();

    //  Indicate that we will NOT trust any pre-installed certificates on the system.
    CkTrustedRoots_putTrustSystemCaRoots(trustedRoots,FALSE);

    // Thawte is a certificate authority that provides a .zip download of their
    // root CA certificates:  https://www.thawte.com/roots/index.html
    // The direct download link is: https://www.verisign.com/support/thawte-roots.zip
    // Note: The above URLs are valid at the time of writing this example (29-May-2015).

    // Assuming the .zip has already been downloaded, open it and load each .pem file into
    // our trusted roots object.
    zip = CkZip_Create();

    // Open a .zip containing PEM files, among other things..
    success = CkZip_OpenZip(zip,"qa_data/certs/thawte-roots.zip");
    if (success == FALSE) {
        printf("%s\n",CkZip_lastErrorText(zip));
        CkTrustedRoots_Dispose(trustedRoots);
        CkZip_Dispose(zip);
        return;
    }

    entry = CkZipEntry_Create();

    cert = CkCert_Create();

    pattern = "*.pem";
    bHasMoreEntries = CkZip_EntryMatching(zip,pattern,entry);
    while (bHasMoreEntries == TRUE) {

        printf("Entry: %s\n",CkZipEntry_fileName(entry));

        // Get the PEM of the CA cert:
        pemStr = CkZipEntry_unzipToString(entry,0,"utf-8");

        // Load it into a certificate object:
        success = CkCert_LoadPem(cert,pemStr);
        if (success != TRUE) {
            printf("%s\n",CkCert_lastErrorText(cert));
        }

        // Add it to the trusted roots.
        CkTrustedRoots_AddCert(trustedRoots,cert);

        bHasMoreEntries = CkZipEntry_GetNextMatch(entry,pattern);
    }

    //  Activate the trusted roots globally for all Chilkat objects.
    //  This call really shouldn't fail, so we're not checking the return value.
    success = CkTrustedRoots_Activate(trustedRoots);


    CkTrustedRoots_Dispose(trustedRoots);
    CkZip_Dispose(zip);
    CkZipEntry_Dispose(entry);
    CkCert_Dispose(cert);

    }