> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Thursday, 20 August, 2009 18:34

> On Wed, Aug 19, 2009, barcaroller wrote:
> 
> > I have a PEM-format server certificate that I need to convert to a
> > binary structure as defined in section 7.4.2. (Server Certificate) of
> > RFC5246 (TLS v1.2). <snip>
> > Also, I will need to do the reverse: converting a binary buffer in
> > memory (with the structure above) into a PEM-format server certificate.
> >

> The functions d2i_X509() and i2d_X509() will do what you 
> want, check out the manual pages and the FAQ to avoid a 
> common mistake with these functions.
> 
I don't think so. d2i/i2d convert DER to and from OpenSSL's 
internal representation (C structs with fields). What the OP 
asks for is to convert PEM (which base64-wraps DER) to 
(binary) DER (plus TLS length prefixes, which are trivial) 
or vice versa binary-DER(plus) to PEM-wrapped-DER.

You could do this indirectly by PEM_read_blah (PEM to internal) 
then i2d_blah (internal to DER) and conversely d2i + PEM_write, 
but that's like traveling New York to Philadelphia via Chicago.

Or (except for some encrypted items) you could just:
- on input, parse (or discard) the header/trailer lines, 
and convert the remaining base64 to binary, giving DER
- on output, convert DER binary to base64, 
adding linebreaks and header/trailer lines as needed

You could use a BIO_b64 on a BIO_mem to do the base64 
and linebreaks but AFAICT not the header/trailer lines; 
or you could just call EVP_{Encode,Decode}* to do base64 
and do the linebreaks and header/trailer yourself.

When openssl/ssl/* itself builds certs etc into wire messages, 
it uses i2d because it already has the internal form in its 
internal structures. That's a different case.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
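
Added example, not part of the original message or of OpenSSL: the direct route described above (strip the header/trailer lines, base64 to DER, add the TLS length prefixes, and the reverse), written in Python with only the standard library to show the byte layout. It assumes the RFC 5246 section 7.4.2 layout (a 3-byte certificate_list length followed by 3-byte-prefixed ASN.1Cert entries); the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import re

# Constructed sample: an outer DER SEQUENCE header plus filler, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
MAX_U24 = (1 << 24) - 1
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der_list(pem_text):
    """Discard header/trailer lines and base64-decode each block to DER."""
    # validate=True rejects stray non-base64 characters instead of skipping them
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(pem_text)]

def der_list_to_tls(ders):
    """Build certificate_list: u24 total length, then u24-prefixed certs."""
    out = b""
    for der in ders:
        if not 1 <= len(der) <= MAX_U24:
            raise ValueError("ASN.1Cert length out of range")
        out += len(der).to_bytes(3, "big") + der
    if len(out) > MAX_U24:
        raise ValueError("certificate_list too long")
    return len(out).to_bytes(3, "big") + out

def tls_to_der_list(buf):
    """Parse certificate_list, checking every length against the buffer."""
    if len(buf) < 3 or int.from_bytes(buf[:3], "big") != len(buf) - 3:
        raise ValueError("bad certificate_list length")
    ders, pos = [], 3
    while pos < len(buf):
        if pos + 3 > len(buf):
            raise ValueError("truncated length prefix")
        n = int.from_bytes(buf[pos:pos + 3], "big")
        pos += 3
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad ASN.1Cert length")
        ders.append(buf[pos:pos + n])
        pos += n
    return ders

def der_to_pem(der):
    """Base64 the DER, break lines at 64 columns, add header/trailer lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")
```

Neither direction parses the certificate itself, so a buffer that decodes cleanly here can still be malformed DER; the length checks only guard the TLS framing.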
