(C++) Use a Custom Set of Trusted Root Certificates

Demonstrates how to build a set of trusted root certificates to be used globally by all Chilkat classes.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++ Win Mobile 5.0/Pocket PC 2003	Solaris C/C++ FreeBSD C/C++ OpenBSD C/C++ MinGW C/C++

#include <CkTrustedRoots.h>
#include <CkZip.h>
#include <CkZipEntry.h>
#include <CkCert.h>

void ChilkatSample(void)
    {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkTrustedRoots trustedRoots;

    //  Indicate that we will NOT trust any pre-installed certificates on the system.
    trustedRoots.put_TrustSystemCaRoots(false);

    // Thawte is a certificate authority that provides a .zip download of their
    // root CA certificates:  https://www.thawte.com/roots/index.html
    // The direct download link is: https://www.verisign.com/support/thawte-roots.zip
    // Note: The above URLs are valid at the time of writing this example (29-May-2015).

    // Assuming the .zip has already been downloaded, open it and load each .pem file into
    // our trusted roots object.
    CkZip zip;

    // Open a .zip containing PEM files, among other things..
    bool success = zip.OpenZip("qa_data/certs/thawte-roots.zip");
    if (success != true) {
        std::cout << zip.lastErrorText() << "\r\n";
        return;
    }

    CkZipEntry *entry = zip.FirstMatchingEntry("*.pem");
    if (zip.get_LastMethodSuccess() != true) {
        std::cout << "No entries matched." << "\r\n";
        return;
    }

    CkZipEntry *nextEntry = 0;
    const char *pemStr = 0;

    CkCert cert;

    bool bHasMoreEntries = true;
    while ((bHasMoreEntries == true)) {

        std::cout << "Entry: " << entry->fileName() << "\r\n";

        // Get the PEM of the CA cert:
        pemStr = entry->unzipToString(0,"utf-8");

        // Load it into a certificate object:
        success = cert.LoadPem(pemStr);
        if (success != true) {
            std::cout << cert.lastErrorText() << "\r\n";
        }

        // Add it to the trusted roots.
        trustedRoots.AddCert(cert);

        // The NextMatchingEntry method was added in v9.5.0.50
        nextEntry = entry->NextMatchingEntry("*.pem");
        bHasMoreEntries = entry->get_LastMethodSuccess();

        delete entry;
        entry = nextEntry;
    }

    //  Activate the trusted roots globally for all Chilkat objects.
    //  This call really shouldn't fail, so we're not checking the return value.
    success = trustedRoots.Activate();
    }