X509_CRL_dup() problem ?
Hello everyone,

I am trying to add a certificate to a CRL. To do that, I use an X509* cert and an X509_CRL* crl with this algorithm:

    X509_CRL_INFO *ci = crl->crl; // ci aliases crl->crl
    X509_REVOKED *r = NULL;
    r = X509_REVOKED_new();
    r->serialNumber = X509_get_serialNumber(cert);
    if(!crl->crl->revoked)
        ci->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
    if(!sk_X509_REVOKED_push(ci->revoked, r))
        return false;
    ASN1_UTCTIME_set(r->revocationDate,time(NULL));
    ASN1_UTCTIME_set(crl->crl->lastUpdate,time(NULL));
    sk_X509_REVOKED_num( crl->crl->revoked ); // here I see a value X

After the previous code, I duplicate the X509_CRL:

    X509_CRL* xrl = X509_CRL_dup( crl );
    sk_X509_REVOKED_num( crl->crl->revoked ); // here I see the same X value as above
    sk_X509_REVOKED_num( xrl->crl->revoked ); // here I see the value X-1

After the duplication, the added certificate has disappeared! What am I missing?

Thanks in advance, have a nice day,
pierre.

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]

Bug with X509_dup ?
Hello,

I wrote this code:

    X509* CA = X509_new();
    X509* cert = X509_dup ( CA );

Each time I get a segmentation fault when I use cert (cert == NULL is true, but CA != NULL). For me, X509_dup duplicates the given X509 certificate, so I don't think that cert == NULL is good behavior. I'm using openssl 0.9.8g with kubuntu 8.04 64bit edition.

Am I right?

[EVP_PKEY] How to duplicate it ?
Hello everyone,

I would like to duplicate an EVP_PKEY struct. I wrote this code, which does not work:

    BIO *bout = BIO_new(BIO_s_mem());
    PEM_write_bio_PrivateKey(bout, key, NULL, NULL, 0, NULL, NULL);
    key = PEM_read_bio_PrivateKey(bout, NULL, NULL, NULL);
    cout << (key == NULL) << endl;
    BIO_free(bout); // destroy the buffer
    return key;

Each time, the cout displays 1 (key is NULL), I don't know why. So is there a way to duplicate it?

How to add an extension to a X509 certificate ?
Hello everyone,

As I got no answer from the user mailing list, I am asking here. Sorry in advance if I post this question in the wrong place, but I really need a clue.

I would like to add an extension to an X509v3 certificate. I wrote:

    void Addmyextension(X509* cert, int nid, char* value, bool crit)
    {
        X509_EXTENSION* ex = X509_EXTENSION_new();
        ex->object = OBJ_nid2obj(nid);
        crit? ex->critical = 0xff : ex->critical = -1; // Question 1
        ASN1_STRING_set(ex->value, value, strlen(value)); // Question 2
        X509_add_ext( cert, ex, -1);
        cout << " A :"<< toHex(ex->value->data) << endl;
    }

Question 1: Are 0xff and -1 good values for the critical state? I found these in x509_v3.c line 240...

Question 2: I don't think this line is good. When I set the same text as I found in another extension, I don't have the same value in the asn1_string:

    STACK_OF (X509_EXTENSION)* sk_ext = cert->cert_info->extensions;
    X509_EXTENSION *ex2 =sk_X509_EXTENSION_value(sk_ext, 1);
    cout << "B :" << toHex(ex2->value->data) << endl;

I get:

    A :43413A54525545
    B :30030101FF

But this value must be the same (value = "CA:TRUE", A is the hexadecimal code of this char*). So I think my Addmyextension is not good. I have a get function to convert the stack of extensions to a map. I think I must create a similar function (which probably uses BIO) to set an extension.

    map<int, string> Certificate::getV3ext()
    {
        map<int, string> extension;
        ASN1_OBJECT *obj;
        // bio struct is used to read the X509_EXTENSION in this case (like a stream in C++)
        BIO *bio = BIO_new(BIO_s_mem());
        int i, len, n = X509_get_ext_count( _d_cert );
        char buffer[BUFFER_SIZE];
        X509_EXTENSION *ex;
        // the archive dropped the text between "i<" and "->object"; this loop head is a minimal reconstruction
        for (i=0; i<n; i++) {
            string text;
            ex = X509_get_ext( _d_cert, i );
            int type = OBJ_obj2nid(ex->object); // convert it to integer
            cout << "type " << type << " " << string(OBJ_nid2ln(type)) << endl;
            if (X509_EXTENSION_get_critical(ex)) // if critical
                text = CRITICAL_TEXTE; // add "critical, " text to the string
            if(!X509V3_EXT_print(bio, ex, 0, 0)) // read the text of this extension
                M_ASN1_OCTET_STRING_print(bio,ex->value);
            len = BIO_read(bio, buffer, BUFFER_SIZE - 1); // here buffer contains the text, len its length
            if (len < 0) len = 0; // nothing was read
            buffer[len] = '\0'; // terminate the string
            text += buffer; // add the text that was read to the string
            extension.insert(make_pair(type,text)); // put it in the map
        }
        BIO_free(bio); // clear the bio "stream"
        return extension; // return the map
    }

But I can't find how to use the BIO feature to set an extension.

Thanks in advance,
pierre delcour
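
The two dumps in the last message differ because an extension value holds the DER encoding of the extension's ASN.1 structure, not the configuration text: for basicConstraints, "CA:TRUE" is SEQUENCE { BOOLEAN TRUE }, i.e. 30 03 01 01 FF. The following is an added example, not code from the original posts or from OpenSSL; it makes no OpenSSL calls, and bc_text_to_der() is a hypothetical helper that encodes the text by hand and also handles the optional pathlen (limited here to 0..127), which goes slightly beyond the single case in the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenSSL API: bc_text_to_der() is a hypothetical name.
 * Encodes "CA:TRUE", "CA:FALSE" or "CA:TRUE,pathlen:N" as a DER
 * BasicConstraints value. Returns the DER length, or -1 on bad input. */
static int bc_text_to_der(const char *text, unsigned char *out, size_t cap)
{
    unsigned char body[6];
    size_t n = 0;
    long pathlen = -1;
    const char *p = text;
    int ca;
    if (strncmp(p, "CA:TRUE", 7) == 0) { ca = 1; p += 7; }
    else if (strncmp(p, "CA:FALSE", 8) == 0) { ca = 0; p += 8; }
    else return -1;
    if (strncmp(p, ",pathlen:", 9) == 0) {
        char *end;
        pathlen = strtol(p + 9, &end, 10);
        if (end == p + 9 || *end != '\0' || pathlen < 0 || pathlen > 127)
            return -1;      /* only one-byte INTEGERs, to stay short */
    } else if (*p != '\0')
        return -1;
    if (ca) {               /* BOOLEAN TRUE; DER omits a DEFAULT FALSE */
        body[n++] = 0x01; body[n++] = 0x01; body[n++] = 0xFF;
    }
    if (pathlen >= 0) {     /* INTEGER pathLenConstraint */
        body[n++] = 0x02; body[n++] = 0x01; body[n++] = (unsigned char)pathlen;
    }
    if (cap < n + 2) return -1;
    out[0] = 0x30;          /* SEQUENCE tag, then short-form length */
    out[1] = (unsigned char)n;
    memcpy(out + 2, body, n);
    return (int)(n + 2);
}

int main(void)
{
    const char *value = "CA:TRUE";   /* the text from the post */
    unsigned char der[8];
    int n = bc_text_to_der(value, der, sizeof der);
    printf("A :");                   /* raw text bytes, as in dump A */
    for (size_t i = 0; value[i]; i++) printf("%02X", (unsigned char)value[i]);
    printf("\nB :");                 /* DER bytes, as in dump B */
    for (int i = 0; i < n; i++) printf("%02X", der[i]);
    printf("\n");
    return n < 0;
}
```

In OpenSSL itself the text-to-DER conversion for known extensions is done by X509V3_EXT_conf_nid(), whose result can be passed to X509_add_ext().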