Re: How to get To-Be-Signed portion of certificate with openssl api ?
Dear Steve, I've tried it with the following code, but I couldn't get the correct data yet. Could you please point out the wrong point of the following code. // variables int iResult = 0; unsigned char cert[2000]; BIO *bioPtr; X509 *certPtr; unsigned char *tbs; : // make X509 structure bioPtr = BIO_new_mem_buf(cert, -1); certPtr = PEM_read_bio_X509(bioPtr, NULL, NULL, NULL); // get binary data size of tbs iResult = i2d_X509_CINF(certPtr-cert_info, NULL); // prepare buffer for tbs tbs = (unsigned char *)malloc(iResult); // get der binary data of tbs iResult = i2d_X509_CINF(certPtr-cert_info, tbs); tbs is filled with data, but it is different from correct data. Best regards, Tatsuya Tsurukawa Dr. Stephen Henson wrote: On Wed, Mar 01, 2006, Tatsuya Tsurukawa wrote: Hi All, I have a quick question. How can I get To-Be-Signed portion of certificate with openssl api ? In case of using JDK, X509Certificat class and getTBSCertificate() method seem to be available for the same purpose. I'm not familiar with the openssl api, and I couldn't find the appropriate api due to the luck of sample codes on the internet. Decode the certificate into an X509 structure using d2i_X509(). The TBS portion in OpenSSL is called X509_CINF and the relevant fields are available in the structure. If you want to reencode it call i2d_X509_CINF. Information about the d2i/i2d functions is in the FAQ. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to get To-Be-Signed portion of certificate with openssl api ?
On Fri, Apr 07, 2006, Tatsuya Tsurukawa wrote: Dear Steve, I've tried it with the following code, but I couldn't get the correct data yet. Could you please point out the wrong point of the following code. // variables int iResult = 0; unsigned char cert[2000]; BIO *bioPtr; X509 *certPtr; unsigned char *tbs; : // make X509 structure bioPtr = BIO_new_mem_buf(cert, -1); certPtr = PEM_read_bio_X509(bioPtr, NULL, NULL, NULL); // get binary data size of tbs iResult = i2d_X509_CINF(certPtr-cert_info, NULL); // prepare buffer for tbs tbs = (unsigned char *)malloc(iResult); // get der binary data of tbs iResult = i2d_X509_CINF(certPtr-cert_info, tbs); tbs is filled with data, but it is different from correct data. Read the FAQ. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to get To-Be-Signed portion of certificate with openssl api ?
On Wed, Mar 01, 2006, Tatsuya Tsurukawa wrote: Hi All, I have a quick question. How can I get To-Be-Signed portion of certificate with openssl api ? In case of using JDK, X509Certificat class and getTBSCertificate() method seem to be available for the same purpose. I'm not familiar with the openssl api, and I couldn't find the appropriate api due to the luck of sample codes on the internet. Decode the certificate into an X509 structure using d2i_X509(). The TBS portion in OpenSSL is called X509_CINF and the relevant fields are available in the structure. If you want to reencode it call i2d_X509_CINF. Information about the d2i/i2d functions is in the FAQ. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How to get To-Be-Signed portion of certificate with openssl api ?
Hi All, I have a quick question. How can I get To-Be-Signed portion of certificate with openssl api ? In case of using JDK, X509Certificat class and getTBSCertificate() method seem to be available for the same purpose. I'm not familiar with the openssl api, and I couldn't find the appropriate api due to the luck of sample codes on the internet. Regards, Tatsuya Tsurukawa [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to get To-Be-Signed portion of certificate with openssl api ?
You're looking for X.509 encoding of the CSR. Thus, you'd be looking at the X509_* series of functions. Since it's a request, the subset of functions would be X509_REQ_*. To decode it, you want d2i_X509_REQ_{bio|fp}(). I have to doublecheck the functions that can be used to get info out of it, though. You could, however, look at the 'req', 'ca', and 'x509' programs to see what they do. -Kyle H On 2/28/06, Tatsuya Tsurukawa [EMAIL PROTECTED] wrote: Hi All, I have a quick question. How can I get To-Be-Signed portion of certificate with openssl api ? In case of using JDK, X509Certificat class and getTBSCertificate() method seem to be available for the same purpose. I'm not familiar with the openssl api, and I couldn't find the appropriate api due to the luck of sample codes on the internet. Regards, Tatsuya Tsurukawa [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]