On Fri, Aug 21, 2009, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson > > Sent: Thursday, 20 August, 2009 18:34 > > > On Wed, Aug 19, 2009, barcaroller wrote: > > > > > I have a PEM-format server certificate that I need to convert to a > > > binary structure as defined in section 7.4.2. (Server > > Certificate) of > > > RFC5246 (TLS v1.2). <snip> > > > Also, I will need to do the reverse: converting a binary buffer in > > > memory (with the structure above) into a PEM-format server > > certificate. > > > > > > The functions d2i_X509() and i2d_X509() will do what you > > want, check out the manual pages and the FAQ to avoid a > > common mistake with these functions. > > > I don't think so. d2i/i2d convert DER to and from OpenSSL's > internal representation (C structs with fields). What the OP > asks for is to convert PEM (which base64-wraps DER) to > (binary) DER (plus TLS length prefixes, which are trivial) > or vice versa binary-DER(plus) to PEM-wrapped-DER. > > You could do this indirectly by PEM_read_blah (PEM to internal) > then i2d_blah (internal to DER) and conversely d2i + PEM_write, > but that's like traveling New York to Philadelphia via Chicago. >
The OP was aware of the PEM functions so I was merely pointing to the missing pieces. At an application level it is simpler to do d2i/PEM instead of manually creating the PEM structures. You also get syntax checking that way. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
