> From: owner-openssl-us...@openssl.org On Behalf Of Azlan
> Sent: Tuesday, 18 August, 2009 08:24
> > Hello every one..I'm working with an application in which a module
> > should read a "pem" certificate successfully.I've written 2
> types of
> > programs, but both are failing(PEM_read constantly returning null
> > )..here are my codes..
<trimmed errorhandling and cleanup for clarity>
> > FILE *fp;
> > X509 *x=X509_new();
> > fp=fopen(argv[1],"r");
> > PEM_read_X509(fp,&x,NULL,NULL);
> > if(x==NULL)
> > printf("error reading \n");
> > else
> > printf("reading success\n");
> > here is my second one..using "bio"
> > X509 *x509Cert /*=X509_new(); result is same even if this
> > statement is X509 *x509Cert = X509_new(); */
This is a local or 'auto' variable in C and not implicitly initialized.
Either initialize it to NULL or to a good value such as X509_new(),
but don't leave it garbage. Probably on your system it happened to be
zero = NULL and you were lucky, but you shouldn't rely on that.
> > BIO *cert;
> > if ((cert=BIO_new(BIO_s_file())) == NULL) <error>
> > if (BIO_read_filename(cert,argv[1]) <= 0) <error>
> > if (PEM_read_bio_X509(cert,&x509Cert,NULL,NULL)!=NULL)
> > Both programs are returning "NULL " out of PEM_read.
> > Even though i found similar post sabout PEM_read, none of them is
> > solving my problem..please help me with this..
> >
> > Thank you in advance.
> >
Are you sure the file you are reading is in fact a PEM cert?
Both your codes work correctly for me when reading a valid file,
after fixing the initialization in the BIO version.
> Sorry..I forgot to mention something..
> In my first program,the result would be "reading
> success"..the problem is
> PEM_read_X509(fp,&x,NULL,NULL)
> is not returning valid X509 into "x"(it's returning null..u
> can check by if(PEM_read_X509(fp,&x,NULL,NULL)==NULL).Even
> after the call of function
> PEM_read; x has the previous value(X509_new() which is not
> null).Thats why
> out put is "reading success."
Right. The d2i_whatever and PEM_read_whatever routines follow
(AFAIK always) the pattern that
- if the &handle argument is NULL or &handle that _contains_ NULL,
they allocate a new whatever for the data and return a pointer to it,
AND store that pointer into handle if &handle is nonNULL,
but if there is an error they return NULL and DON'T allocate
- if the &handle argument is a pointer to an already allocated whatever,
they use it (and don't allocate) and return it; if there is an error,
they return NULL but leave the existing whatever allocated. The idea is
that you allocated it, so you decide if and when to deallocate it.
It's simplest to pass NULL, let the library allocate and use
(only) the return value, but if you want to pre-allocate yourself,
check the return value for success/fail NOT the handle_arg value.
If the return value is NULL, call ERR_print_errors[_fp]
or code a loop with ERR_get_error and whatever display you like.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
