X509_CRL_dup() problem ?

2008-08-13 Thread delcour.pierre

Hello everyone,

I am trying to add a certificate to a CRL. To do that, I use an X509* cert and an
X509_CRL* crl with this algorithm:


X509_REVOKED *r = NULL;
r = X509_REVOKED_new();
r->serialNumber = X509_get_serialNumber(cert);
if(!crl->crl->revoked)
  crl->crl->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
if(!sk_X509_REVOKED_push(crl->crl->revoked, r))
  return false;
ASN1_UTCTIME_set(r->revocationDate,time(NULL));
ASN1_UTCTIME_set(crl->crl->lastUpdate,time(NULL));
sk_X509_REVOKED_num( crl->crl->revoked ); // here I see a value X

After the previous code, I duplicate the X509_CRL:

X509_CRL* xrl = X509_CRL_dup( crl );
sk_X509_REVOKED_num( crl->crl->revoked ); // here I see the same value X as above

sk_X509_REVOKED_num( xrl->crl->revoked ); // here I see the value X-1

After the duplication, the added certificate has disappeared! What am I
missing?


Thanks in advance,
have a nice day,
pierre.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Bug with X509_dup ?

2008-06-12 Thread delcour.pierre

Hello,

I wrote this code :
X509* CA = X509_new();
X509* cert = X509_dup ( CA );

Each time I get a segmentation fault when I use cert (cert == NULL is
true, but CA != NULL). As I understand it, X509_dup duplicates the given X509
certificate, so I don't think that cert == NULL is good behavior.
I'm using openssl 0.9.8g with kubuntu 8.04 64bit edition.


Am I right?


EVP_PKEY: How to duplicate it ?

2008-06-02 Thread delcour.pierre

Hello everyone,

I would like to duplicate an EVP_PKEY struct.


I wrote this code, which does not work:
  BIO *bout = BIO_new(BIO_s_mem());
  PEM_write_bio_PrivateKey(bout, key, NULL, NULL, 0, NULL, NULL);
  key = PEM_read_bio_PrivateKey(bout, NULL, NULL, NULL);
  cout << (key == NULL) << endl;
  BIO_free(bout); // destroy the buffer
  return key;

Each time, the cout displays 1 (key is NULL); I don't know why.

So is there a way to duplicate it?


How to add an extension to a X509 certificate ?

2008-06-02 Thread delcour.pierre

Hello everyone,

As I got no answer from the user mailing list, I am asking here. Sorry in
advance if I am posting this question in the wrong place, but I really need a
clue.


I would like to add an extension to an X509v3 certificate.
I wrote:
void Addmyextension(X509* cert, int nid, char* value, bool crit)
{
    X509_EXTENSION* ex = X509_EXTENSION_new();
    ex->object = OBJ_nid2obj(nid);
    crit? ex->critical = 0xff :  ex->critical = -1;  // Question 1
    ASN1_STRING_set(ex->value, value, strlen(value)); // Question 2
    X509_add_ext( cert, ex, -1);
    cout << " A :"<< toHex(ex->value->data) << endl;
}


Question 1:
Are 0xff and -1 good values for the critical state? I found these in
x509_v3.c line 240...


Question 2:
I don't think this line is good.
When I set the same text as I found in another extension, I don't get the
same value in the asn1_string:


STACK_OF (X509_EXTENSION)* sk_ext = cert->cert_info->extensions;
X509_EXTENSION *ex2 = sk_X509_EXTENSION_value(sk_ext, 1);
cout << "B :" << toHex(ex2->value->data) << endl;

I get :
A :43413A54525545
B :30030101FF

But these values must be the same (value = "CA:TRUE", A is the hexadecimal
code of this char*). So I think my Addmyextension is not good.
I have a get function that converts the stack of extensions to a map. I
think I must create a similar function (which probably uses BIO) to set
an extension.


map<int, string> Certificate::getV3ext()
{
  map<int, string> extension;
  ASN1_OBJECT *obj;
  // bio struct is used to read the X509_EXTENSION in this case (like a stream in C++)
  BIO *bio = BIO_new(BIO_s_mem());
  int i, len, n = X509_get_ext_count( _d_cert );
  char buffer[BUFFER_SIZE];
  X509_EXTENSION *ex;
  for (i = 0; i < n; i++)
  {
    ex = X509_get_ext( _d_cert, i );
    string text;
    int type = OBJ_obj2nid(ex->object); // convert it to integer
    cout << "type  " << type << " " << string(OBJ_nid2ln(type)) << endl;
    if (X509_EXTENSION_get_critical(ex)) // if critical
      text = CRITICAL_TEXTE; // add "critical, " text to the string
    if (!X509V3_EXT_print(bio, ex, 0, 0)) // read the text of this extension
      M_ASN1_OCTET_STRING_print(bio, ex->value);
    // leave room for the terminator; buffer contains the text, len its length
    len = BIO_read(bio, buffer, BUFFER_SIZE - 1);
    if (len < 0) len = 0; // nothing was read from the bio
    buffer[len] = '\0'; // add the terminating NUL
    text += buffer; // add the text that was read to the string
    extension.insert(make_pair(type, text)); // put it in the map
  }
  BIO_free(bio); // clear the bio "stream"
  return extension; // return the map
}

But I can't find how to use the BIO feature to set an extension.


Thanks in advance,
pierre delcour
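
The two hex dumps in the message above, reproduced as an added example (not part of the original post and not OpenSSL code): output A is the ASCII text "CA:TRUE" copied verbatim, while output B is the DER encoding of the BasicConstraints structure that an extension value is expected to hold. The helper names are hypothetical, and the encoder is deliberately limited to short-form lengths and a pathLenConstraint of 0..127.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hex-encode len bytes of in into out (needs 2*len+1 bytes); returns out. */
static char *to_hex(const unsigned char *in, size_t len, char *out)
{
    static const char digits[] = "0123456789ABCDEF";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0F];
    }
    out[2 * len] = '\0';
    return out;
}

/* DER for BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
 *                                         pathLenConstraint INTEGER OPTIONAL }
 * pathlen < 0 means "absent". Returns bytes written, or 0 on error. */
size_t der_basic_constraints(int ca, int pathlen, unsigned char *out, size_t cap)
{
    unsigned char body[6];
    size_t n = 0;
    if (pathlen > 127) return 0;              /* keep INTEGER to one byte */
    if (ca) {                                 /* DER omits the FALSE default */
        body[n++] = 0x01; body[n++] = 0x01; body[n++] = 0xFF;
    }
    if (pathlen >= 0) {
        body[n++] = 0x02; body[n++] = 0x01; body[n++] = (unsigned char)pathlen;
    }
    if (cap < n + 2) return 0;
    out[0] = 0x30;                            /* SEQUENCE tag */
    out[1] = (unsigned char)n;                /* short-form length */
    memcpy(out + 2, body, n);
    return n + 2;
}

/* What the post prints as "A": the raw characters of the config string. */
const char *hex_of_text(const char *s, char *out)
{
    return to_hex((const unsigned char *)s, strlen(s), out);
}

/* What the post prints as "B": the DER structure stored in the extension. */
const char *hex_of_bc(int ca, int pathlen, char *out)
{
    unsigned char der[8];
    size_t n = der_basic_constraints(ca, pathlen, der, sizeof der);
    return to_hex(der, n, out);
}

int main(void)
{
    char a[64], b[64];
    printf("A :%s\nB :%s\n", hex_of_text("CA:TRUE", a), hex_of_bc(1, -1, b));
    return 0;
}
```

OpenSSL's X509V3_EXT_conf_nid() is the library call that turns a configuration string such as "CA:TRUE" into an extension carrying the encoded form.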