Ok, things are more clear now.
I am going to explain below what I HAVE TO do:
a) I have to store certificates in a map which is a shared memory. (I have
to do this, I have no choice, because I have to continue what the guy before
me had started.) So I think it's better to store the x509 structure which
represents the certificate instead of a string. I think it is a good idea,
isn't it?
b) I must be able to extract the URI and serial_number from the x509 structure
and store them in a STRING variable. Is there a way to extract the URI and SN?
(See source code above.)
c) Is it possible to send an x509 structure (certificate) to the peer (apart
from the handshake)? I'd like to write something like: SSL_write(ssl, X509*
cert)


2011/3/8 Patrick Patterson <ppatter...@carillonis.com>

> Hey there:
>
> On 2011-03-08, at 10:03 AM, ikuzar wrote:
> > my questions :
> > 1) What does DER format mean? Is it equivalent to a string format?
> > In the following function, we have a parameter named "out": int
> > i2d_X509(X509 *x, unsigned char **out); this function converts X509 internal
> > data into DER format. The result is stored in "out". That's why I am wondering if
> > DER <=> string ... ?
>
> DER is the "Distinguished Encoding Rules" - it is a binary format that is
> designed to be a concise and machine independent representation of the ASN.1
> structure of whatever is encoded that way. It is MOST DEFINITELY NOT a
> string.
>
> > 2) Is it possible to verify (by hand) a certificate in string format?
>
> I have no idea even what you are referring to... what does "convert to a
> string" mean - you need to validate/verify the certificate according to the
> rules outlined in IETF RFC5260, and that involves verifying the signature,
> and this involves dealing with the certificate in the same format it was
> signed in (which, I believe, is the binary DER encoding).
>
> > 3) What kind of data structure (vector, etc.) is the best way to store
> > a certificate in string format?
>
> PEM of course.
>
> > 4) Is it a bad idea to handle certificates everywhere in string format?
> >
> VERY, VERY bad...
>
> Have fun!
>
> ---
> Patrick Patterson
> Chief PKI Architect
> Carillon Information Security Inc.
> http://www.carillon.ca

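To illustrate the point made in the quoted reply that DER is tag/length/value binary rather than a string, and the serial-number-to-string question in (b), here is an added example that is not code from this thread or from OpenSSL. It walks a constructed certificate prefix with a bounds-checked reader and returns the serial as hex; `SAMPLE_DER`, `der_header` and `der_cert_serial_hex` are hypothetical names and the bytes are constructed, not a real certificate.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: only the start of a Certificate (version + serial), not a real cert. */
static const unsigned char SAMPLE_DER[] = {
    0x30, 0x0D, 0x30, 0x0B,              /* Certificate SEQUENCE { tbsCertificate SEQUENCE { */
    0xA0, 0x03, 0x02, 0x01, 0x02,        /* [0] EXPLICIT version = 2 (v3) */
    0x02, 0x04, 0x00, 0xA1, 0xB2, 0xC3   /* serialNumber INTEGER (leading 0x00 = sign padding) */
};

/* Read one tag/length header at *p, bounded by end; returns the tag (or -1) and
   leaves *p at the first value byte. */
static int der_header(const unsigned char **p, const unsigned char *end, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                      /* long form: low 7 bits count the length bytes */
        size_t cnt = n & 0x7F;
        if (cnt == 0 || cnt > sizeof n || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1; /* the value must fit inside the buffer */
    *p = q;
    *len = n;
    return tag;
}

/* Hypothetical helper: writes the serialNumber bytes as hex into out.
   Returns the serial's byte count, or -1 on malformed or truncated input. */
int der_cert_serial_hex(const unsigned char *der, size_t der_len, char *out, size_t out_sz) {
    const unsigned char *p = der, *end = der + der_len;
    size_t len, i;
    for (i = 0; i < 2; i++) {            /* enter Certificate, then tbsCertificate */
        if (der_header(&p, end, &len) != 0x30) return -1;
        end = p + len;
    }
    int tag = der_header(&p, end, &len);
    if (tag == 0xA0) { p += len; tag = der_header(&p, end, &len); } /* skip optional version */
    if (tag != 0x02 || len == 0 || out_sz < 2 * len + 1) return -1;
    for (i = 0; i < len; i++) snprintf(out + 2 * i, 3, "%02X", (unsigned)p[i]);
    return (int)len;
}

int main(void) {
    char hex[64];
    if (der_cert_serial_hex(SAMPLE_DER, sizeof SAMPLE_DER, hex, sizeof hex) < 0) return 1;
    const unsigned char *z = memchr(SAMPLE_DER, 0, sizeof SAMPLE_DER);
    printf("serial=%s len=%zu first_zero=%td\n", hex, sizeof SAMPLE_DER, z - SAMPLE_DER);
    return 0;
}
```

The zero byte inside the encoding is why C string functions cannot carry DER: they would stop partway through the buffer. In an OpenSSL program the serial comes from `X509_get_serialNumber()` on the parsed `X509` structure rather than from hand parsing.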