Strange, you posted a question instead of just copying, pasting "BEGIN...END" doing a recompile & rerun :D.

Hope this helps,

Regards,

Usman.


From:  Kaushalye Kapuruge <[EMAIL PROTECTED]>
Reply-To:  openssl-users@openssl.org
To:  openssl-users@openssl.org
Subject:  Re: Problem with EVP_Decode and line breaks in a X509 certificate
Date:  Thu, 15 Mar 2007 11:51:12 +0530
>Hi Patrick,
>Thanks for the reply.
>Yes I took that approach but it didn't work. That's why I dug a bit
>further down and tried to locate where exactly the error is. I figured
>that new lines in the base64 encoded string buffer are necessary to
>cast a certificate out of it. Maybe my observation is wrong.
>
>When I try to create a BIO* using the following way the
>PEM_read_bio_X509() didn't work.
>
>char buf[] = "MIICzjCCAjegAwIBAgI...";/*Contents in between ---BEGIN
>  CERT--- and --END CERT--- */
>bp = BIO_new(BIO_s_mem());
>BIO_puts(bp, buf);
>
>But if I tried to create BIO* from a .pem file as follows it worked.
>bp=BIO_new_file("cert.pem","r");
>
>Could you please clarify for me how the string buffer should be?
>Should it be with --BEGIN-- and --END---?
>Should it preserve line breaks?
>
>Cheers,
>Kau
>
>Patrick Patterson wrote:
>>On Wednesday 14 March 2007 04:05:45 you wrote:
>>
>>>Hi list,
>>>
>>>I need to get an X509 *cert using string buffer, which is a base64
>>>encoded representation of it. In other words, if I have the contents
>>>of a ---BEGIN CERTIFICATE--- and  --END CERTIFICATE--- of a .pem file,
>>>I need to retrieve the certificate.
>>>
>>>
>>This is really easy - either use PEM_read_X509() to directly read
>>the file... or, if the PEM encoded certificate is already in a
>>string buffer, you can do something like:
>>
>>char certstr[] = "---BEGIN---" ... "---END CERT---";
>>BIO *membuf = BIO_new(BIO_s_mem());
>>BIO_puts(membuf, certstr);
>>X509 *cert = PEM_read_bio_X509(membuf, NULL, NULL, NULL);
>>
>>
>>Which is MUCH, MUCH easier than what you are trying to do below....
>>
>>Don't re-invent the wheel :)
>>
>>Patrick.
>>
>>
>>>I used d2i_X509_bio() function for this. There I first decode the
>>>base64 encoded string and then created a BIO* using function
>>>BIO_new_mem_buf().
>>>
>>>In summary the process is...
>>>b64_string --[EVP_Decode]-->binary--[d2i_X509_bio()]--->X509* certificate
>>>
>>>But I found that the binaries are different if the line breaks(\n) are
>>>available. And the function gives the certificate only if line
>>>breaks(\n) are there. If I'm correct, the base64 decode function should
>>>handle line breaks. EVP_DecodeInit/Update/Final functions gives
>>>different outputs depending on line breaks and thus the d2i_X509_bio()
>>>function fails if line breaks are not available.
>>>Can somebody point me what I have to do to overcome this?
>>>Herewith I'll attach my program.
>>>Cheers,
>>>Kau
>>>
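>>>#include <stdio.h>
>>>#include <stdlib.h>
>>>#include <openssl/bio.h>
>>>#include <openssl/evp.h>
>>>#include <openssl/x509.h>
>>>
>>>int main(int argc , char **argv)
>>>{
>>>     FILE *fp;
>>>     char buff[2000];   /* large enough for anything decoded from b64 */
>>>     char b64[2000];
>>>     int ilen = 0;
>>>     BIO *mem;
>>>     X509 *cert;
>>>     EVP_ENCODE_CTX ctx;
>>>     int len, ret;
>>>
>>>
>>>     if (!(fp = fopen("cert.pem", "rb")))
>>>     {
>>>         printf("Error opening file\n" );
>>>         exit(1);
>>>     }
>>>
>>>     ilen = fread(b64,1,sizeof(b64)-1,fp);   /* leave room for the NUL */
>>>     b64[ilen]=0;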
>>>
>>>     EVP_DecodeInit(&ctx);
>>>     EVP_DecodeUpdate(&ctx, (unsigned char*)buff,&len,
>>>                    (unsigned char*)b64, ilen);
>>>     EVP_DecodeFinal(&ctx, (unsigned char*)buff, &ret);
>>>     ret += len;
>>>
>>>
>>>     if ((mem = BIO_new_mem_buf(buff, ilen)) == NULL)
>>>     {
>>>         printf("Error\n");
>>>         exit(1);
>>>     }
>>>     cert = d2i_X509_bio(mem, NULL);
>>>     BIO_free(mem);
>>>
>>>     if (cert == NULL)
>>>     {
>>>         printf("Error in certificate\n");
>>>         exit(1);
>>>     }
>>>}
>>>
>>>______________________________________________________________________
>>>OpenSSL Project                                
>>>http://www.openssl.org
>>>User Support Mailing List                    
>>>openssl-users@openssl.org
>>>Automated List Manager                          
>>>[EMAIL PROTECTED]
>
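
The buffer layout the thread is asking about, as an added example that is not part of the original messages or OpenSSL's own code: `pem_wrap_certificate` and `cert_from_b64` are hypothetical helpers that put the BEGIN/END lines and 64-character line breaks (the RFC 7468 PEM layout) back around a bare base64 body before it is handed to `PEM_read_bio_X509()`. The OpenSSL part is only compiled with `-DWITH_OPENSSL`, and the 8192-byte buffer is an assumed upper bound.

```c
#include <stddef.h>
#include <string.h>

#define PEM_LINE 64   /* base64 characters per line in PEM text */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

/* Hypothetical helper: wrap a bare base64 certificate body (with or without
 * line breaks) in BEGIN/END lines. Returns bytes written (excluding the NUL),
 * or -1 on an empty body, an invalid character, or a too-small buffer. */
long pem_wrap_certificate(const char *b64, char *out, size_t outlen)
{
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char tail[] = "-----END CERTIFICATE-----\n";
    size_t o = sizeof head - 1, col = 0;

    if (outlen < sizeof head) return -1;
    memcpy(out, head, o);
    for (; *b64; b64++) {
        if (strchr(" \t\r\n", *b64)) continue;   /* drop old whitespace */
        if (!strchr(B64, *b64)) return -1;        /* not base64: reject */
        if (o + 2 >= outlen) return -1;           /* char + newline must fit */
        out[o++] = *b64;
        if (++col == PEM_LINE) { out[o++] = '\n'; col = 0; }
    }
    if (o == sizeof head - 1) return -1;          /* empty body */
    if (col) out[o++] = '\n';                     /* end a partial last line */
    if (o + sizeof tail > outlen) return -1;
    memcpy(out + o, tail, sizeof tail);           /* includes the NUL */
    return (long)(o + sizeof tail - 1);
}

#ifdef WITH_OPENSSL   /* build with: cc -DWITH_OPENSSL file.c -lcrypto */
#include <openssl/bio.h>
#include <openssl/pem.h>

/* Hypothetical wrapper: parse the rebuilt PEM text from memory. */
X509 *cert_from_b64(const char *b64)
{
    char pem[8192];   /* assumed upper bound for one certificate */
    long n = pem_wrap_certificate(b64, pem, sizeof pem);
    BIO *bio = n > 0 ? BIO_new_mem_buf(pem, (int)n) : NULL;
    X509 *cert = bio ? PEM_read_bio_X509(bio, NULL, NULL, NULL) : NULL;
    BIO_free(bio);    /* BIO_free(NULL) is a no-op */
    return cert;
}
#endif
```

A `NULL` return from `cert_from_b64` covers both a rejected buffer and a PEM parse failure; the caller still owns the returned `X509 *` and releases it with `X509_free()`.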

