David,
>Question is how do I parse, decode or whatever this certificate data
>stream. From what I understand, as a minimum, I need to pull out the
>server public key from the certificate for the rest of the SSL process
> - eg to create the master secret.
You'll need an ASN.1 DER decoder. You can get one, plus some classes to
interpret the certificate, from http://www.forge.com.au - the FORGE JCE
provider is free and has ASN.1 classes. There is also one from Cryptix that
is free.
>Can anyone point me to some introductory doc on what ASN is and how to
>decode, parse it and how to pull out specific fields from the certificate.
The Layman's Guide to ASN.1 from RSA (http://www.rsa.com) is an
introduction to ASN.1 and the DER and BER encoding rules.
>Is there a specification of what a certificate looks like. X509 seems to
>be some sort of standard for the certificate. Where is that explained or
>documented? How do I know if the certificate is X509? I have a bunch of
Have a look at the PKIX documents from the IETF (http://www.ieft.org). They
are all about certificates and CAs.
Regards,
David Taylor
FORGE Information Technology.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]