> Option 1, using memoryBio and copy out the buffer contents:
>
>    BIO *memoryBio = BIO_new (BIO_s_mem());
>    PEM_write_bio_X509 (memoryBio, cert));
>     
>     char *p (0);
>     long length = BIO_get_mem_ptr (memoryBio, &p);
>
>     char **pp (0);
>     length = BIO_get_mem_data (memoryBio, &pp);
>     
>     certificate.reserve (length);
>     certificate.assign (*p, length);


Option 1 is the better approach. Using a temporary file (your option 2) is 
inefficient and a potential security vulnerability.

That said, the code you have in option 1 is wrong, redundant, and incomplete.

BIO_get_mem_ptr does not take a char** as its second parameter. Nor is it 
documented as returning a long. Refer to the documentation.

(In fact, BIO_get_mem_ptr is a macro, and thus does not return anything, 
strictly speaking; though in fact in OpenSSL 1.0.1g it evaluates to a call to 
BIO_ctrl, which does return a long, so the macro as a whole evaluates to a long 
r-value. But in the case of BIO_get_mem_ptr, that value will be 1, which is not 
likely to be the length of the data in your BIO. Only BIO_get_mem_data and 
BIO_pending evaluate to the length of the available data in a memory BIO; you 
can figure this out by examining bss_mem.c and bio.h in crypto/bio in the 
OpenSSL sources. Or, again, refer to the documentation, since these macros are 
documented, which is not always the case with OpenSSL APIs.)

You never use pp, the variable you assign with BIO_get_mem_data; neither do you 
use the initial value of length. And the call to certificate.reserve is 
unnecessary, since assign will ensure the string's capacity is sufficient.

You don't free the BIO or its associated buffer. (You also don't show us a 
declaration for certificate, but based on the rest of your message we can 
probably assume it's std::string, and you're using C++.)


Thus:

    BIO *memoryBio = BIO_new (BIO_s_mem());
    PEM_write_bio_X509 (memoryBio, cert);
     
    // BIO_get_mem_data takes a char**, so pass the address of a char*
    char *pp (0);
    long length = BIO_get_mem_data (memoryBio, &pp);
     
    // copy the data out before the BIO (and its buffer) is freed
    certificate.assign (pp, length);
    // or if certificate isn't already declared:
    //   string certificate (pp, length);
    BIO_free (memoryBio);

(Untested.)

-- 
Michael Wojcik
Technology Specialist, Micro Focus



