Dear Steve, I've tried it with the following code, but I couldn't get the correct data yet. Could you please point out the wrong point of the following code.
// variables int iResult = 0; unsigned char cert[2000]; BIO *bioPtr; X509 *certPtr; unsigned char *tbs; : // make X509 structure bioPtr = BIO_new_mem_buf(cert, -1); certPtr = PEM_read_bio_X509(bioPtr, NULL, NULL, NULL); // get binary data size of tbs iResult = i2d_X509_CINF(certPtr->cert_info, NULL); // prepare buffer for tbs tbs = (unsigned char *)malloc(iResult); // get der binary data of tbs iResult = i2d_X509_CINF(certPtr->cert_info, &tbs); tbs is filled with data, but it is different from correct data. Best regards, Tatsuya Tsurukawa Dr. Stephen Henson wrote: >On Wed, Mar 01, 2006, Tatsuya Tsurukawa wrote: > >> Hi All, >> >> I have a quick question. >> How can I get To-Be-Signed portion of certificate with openssl api ? >> In case of using JDK, X509Certificat class and getTBSCertificate() method >> seem to be available for the same purpose. >> >> I'm not familiar with the openssl api, and I couldn't find the appropriate >> api due to the luck of sample codes on the internet. >> > >Decode the certificate into an X509 structure using d2i_X509(). The TBS >portion in OpenSSL is called X509_CINF and the relevant fields are available >in the structure. > >If you want to reencode it call i2d_X509_CINF. > >Information about the d2i/i2d functions is in the FAQ. > >Steve. >-- >Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >OpenSSL project core developer and freelance consultant. >Funding needed! Details on homepage. >Homepage: http://www.drh-consultancy.demon.co.uk >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager [EMAIL PROTECTED] -------- [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]