Hi Patrick,
Thanks for the reply.
Yes, I took that approach but it didn't work. That's why I dug a bit further down and tried to locate where exactly the error is. I figured that new lines in the base64 encoded string buffer are necessary to cast a certificate out of it. Maybe my observation is wrong.

When I try to create a BIO* in the following way, PEM_read_bio_X509() didn't work.

char buf[] = "MIICzjCCAjegAwIBAgI..."; /* Contents in between ---BEGIN CERT--- and --END CERT--- */
bp = BIO_new(BIO_s_mem());
BIO_puts(bp, buf);

But if I tried to create BIO* from a .pem file as follows it worked.
bp=BIO_new_file("cert.pem","r");

Could you please clarify for me how the string buffer should be?
Should it be with --BEGIN-- and --END---?
Should it preserve line breaks?

Cheers,
Kau





Patrick Patterson wrote:
On Wednesday 14 March 2007 04:05:45 you wrote:
Hi list,

I need to get an X509 *cert using string buffer, which is a base64
encoded representation of it. In other words, if I have the contents of
a ---BEGIN CERTIFICATE--- and  --END CERTIFICATE--- of a .pem file, I
need to retrieve the certificate.

This is really easy - either use PEM_read_X509() to directly read the file... or, if the PEM encoded certificate is already in a string buffer, you can do something like:

char certstr[] = "---BEGIN---" ... "---END CERT---";
BIO *membuf = BIO_new(BIO_s_mem());
BIO_puts(membuf, certstr);
X509 *cert = PEM_read_bio_X509(membuf, NULL, NULL, NULL);


Which is MUCH, MUCH easier than what you are trying to do below....

Don't re-invent the wheel :)

Patrick.

I used the d2i_X509_bio() function for this. There I first decoded the base64
encoded string and then created a BIO* using the function BIO_new_mem_buf().

In summary the process is...
b64_string --[EVP_Decode]-->binary--[d2i_X509_bio()]--->X509* certificate

But I found that the binaries are different if the line breaks (\n) are
available. And the function gives the certificate only if line
breaks (\n) are there. If I'm correct, the base64 decode function should
handle line breaks. The EVP_DecodeInit/Update/Final functions give
different outputs depending on line breaks and thus the d2i_X509_bio()
function fails if line breaks are not available.
Can somebody point me to what I have to do to overcome this?
Herewith I'll attach my program.
Cheers,
Kau

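#include <stdio.h>
#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

int main(int argc , char **argv)
{
    FILE *fp;
    char b64[2000];
    char buff[sizeof(b64)];   /* decoded output is never longer than the base64 input */
    int ilen = 0;
    BIO *mem;
    X509 *cert;
    EVP_ENCODE_CTX ctx;       /* stack allocation; OpenSSL 1.1.0 and later need EVP_ENCODE_CTX_new() */
    int len = 0, ret = 0;


    if (!(fp = fopen("cert.pem", "rb")))
    {
        printf("Error opening file\n" );
        exit(1);
    }

    /* read at most sizeof(b64) - 1 bytes so the terminating NUL fits */
    ilen = fread(b64, 1, sizeof(b64) - 1, fp);
    fclose(fp);
    b64[ilen] = 0;

    EVP_DecodeInit(&ctx);
    EVP_DecodeUpdate(&ctx, (unsigned char*)buff, &len,
                   (unsigned char*)b64, ilen);
    /* final bytes go after the len bytes already written */
    EVP_DecodeFinal(&ctx, (unsigned char*)buff + len, &ret);
    ret += len;


    /* pass the decoded length (ret), not the base64 input length (ilen) */
    if ((mem = BIO_new_mem_buf(buff, ret)) == NULL)
    {
        printf("Error\n");
        exit(1);
    }
    cert = d2i_X509_bio(mem, NULL);
    BIO_free(mem);

    if (cert == NULL)
    {
        printf("Error in certificate\n");
        exit(1);
    }
    X509_free(cert);
    return 0;
}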

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
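
Added example (not code from the thread participants or the OpenSSL project): a plain-C helper, under the hypothetical name pem_wrap_cert, that turns a bare base64 body such as the `buf` string in the reply above into PEM text with the BEGIN/END lines and the 64-character line wrapping that RFC 7468 specifies. The result is the kind of buffer that Patrick's BIO_puts() / PEM_read_bio_X509() snippet expects.

```c
#include <stddef.h>
#include <string.h>

#define PEM_HDR "-----BEGIN CERTIFICATE-----\n"
#define PEM_FTR "-----END CERTIFICATE-----\n"

/* 1 if c belongs to the standard base64 alphabet (padding excluded) */
static int is_b64(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/*
 * pem_wrap_cert (hypothetical helper): wrap a bare base64 certificate body
 * into PEM text. Whitespace in the input is dropped, the body is re-wrapped
 * at 64 characters per line. Returns the number of characters written to
 * out (which is NUL-terminated), or -1 on invalid input or a short buffer.
 */
long pem_wrap_cert(const char *b64, char *out, size_t outlen)
{
    size_t o = strlen(PEM_HDR), n = 0, pad = 0;
    size_t tail = strlen(PEM_FTR) + 2;       /* '\n' + footer + NUL */

    if (outlen < o + tail)
        return -1;
    memcpy(out, PEM_HDR, o);

    for (; *b64; b64++) {
        size_t need = (n && n % 64 == 0) ? 2 : 1;  /* line full: '\n' + char */

        if (*b64 == '\n' || *b64 == '\r' || *b64 == ' ' || *b64 == '\t')
            continue;
        if (*b64 == '=')
            pad++;
        else if (!is_b64(*b64) || pad)       /* bad char, or data after '=' */
            return -1;
        if (o + need + tail > outlen)        /* footer and NUL must still fit */
            return -1;
        if (need == 2)
            out[o++] = '\n';
        out[o++] = *b64;
        n++;
    }
    if (n == 0 || n % 4 != 0 || pad > 2)     /* base64 comes in 4-char groups */
        return -1;
    out[o++] = '\n';
    memcpy(out + o, PEM_FTR, strlen(PEM_FTR) + 1);
    return (long)(o + strlen(PEM_FTR));
}
```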

