Re: Question regarding PEM_read_bio_X509()
On Fri, Aug 21, 2009, Dave Thompson wrote:

> > From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> > Sent: Thursday, 20 August, 2009 18:34
> >
> > On Wed, Aug 19, 2009, barcaroller wrote:
> > > I have a PEM-format server certificate that I need to convert to a
> > > binary structure as defined in section 7.4.2. (Server Certificate) of
> > > RFC5246 (TLS v1.2).
> > > snip
> > > Also, I will need to do the reverse: converting a binary buffer in
> > > memory (with the structure above) into a PEM-format server certificate.
> >
> > The functions d2i_X509() and i2d_X509() will do what you want, check out
> > the manual pages and the FAQ to avoid a common mistake with these
> > functions.
>
> I don't think so. d2i/i2d convert DER to and from OpenSSL's internal
> representation (C structs with fields). What the OP asks for is to convert
> PEM (which base64-wraps DER) to (binary) DER (plus TLS length prefixes,
> which are trivial) or vice versa binary-DER(plus) to PEM-wrapped-DER.
> You could do this indirectly by PEM_read_blah (PEM to internal) then
> i2d_blah (internal to DER) and conversely d2i + PEM_write, but that's like
> traveling New York to Philadelphia via Chicago.

The OP was aware of the PEM functions so I was merely pointing to the missing pieces.

At an application level it is simpler to do d2i/PEM instead of manually creating the PEM structures. You also get syntax checking that way.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
RE: Question regarding PEM_read_bio_X509()
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Thursday, 20 August, 2009 18:34
>
> On Wed, Aug 19, 2009, barcaroller wrote:
> > I have a PEM-format server certificate that I need to convert to a
> > binary structure as defined in section 7.4.2. (Server Certificate) of
> > RFC5246 (TLS v1.2).
> > snip
> > Also, I will need to do the reverse: converting a binary buffer in
> > memory (with the structure above) into a PEM-format server certificate.
>
> The functions d2i_X509() and i2d_X509() will do what you want, check out
> the manual pages and the FAQ to avoid a common mistake with these
> functions.

I don't think so. d2i/i2d convert DER to and from OpenSSL's internal representation (C structs with fields). What the OP asks for is to convert PEM (which base64-wraps DER) to (binary) DER (plus TLS length prefixes, which are trivial) or vice versa binary-DER(plus) to PEM-wrapped-DER.

You could do this indirectly by PEM_read_blah (PEM to internal) then i2d_blah (internal to DER) and conversely d2i + PEM_write, but that's like traveling New York to Philadelphia via Chicago.

Or (except for some encrypted items) you could just:
- on input, parse (or discard) the header/trailer lines, and convert the remaining base64 to binary, giving DER
- on output, convert DER binary to base64, adding linebreaks and header/trailer lines as needed

You could use a BIO_b64 on a BIO_mem to do the base64 and linebreaks but AFAICT not the header/trailer lines; or you could just call EVP_{Encode,Decode}* to do base64 and do the linebreaks and header/trailer yourself.

When openssl/ssl/* itself builds certs etc into wire messages, it uses i2d because it already has the internal form in its internal structures. That's a different case.
Re: Question regarding PEM_read_bio_X509()
On Wed, Aug 19, 2009, barcaroller wrote:

> I have a PEM-format server certificate that I need to convert to a binary
> structure as defined in section 7.4.2. (Server Certificate) of RFC5246
> (TLS v1.2).
>
>     Server certificate (in PEM format), residing as a text file
>     in the filesystem
>                 |
>                 |
>                 V
>     Load into buffer in memory with structure as defined in RFC5246:
>
>         opaque ASN.1Cert<1..2^24-1>;
>
>         struct {
>             ASN.1Cert certificate_list<0..2^24-1>;
>         } Certificate;
>
>         certificate_list
>
> Also, I will need to do the reverse: converting a binary buffer in memory
> (with the structure above) into a PEM-format server certificate.
>
> My question is: are there OpenSSL routines that do this? I have looked at
>
>     X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
>
> but it is not clear to me how I should handle (BIO* bp). If this function
> indeed does what I need, how would I convert my memory buffer to a BIO,
> and vice versa?

The functions d2i_X509() and i2d_X509() will do what you want, check out the manual pages and the FAQ to avoid a common mistake with these functions.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
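Added example, not part of the original thread and not OpenSSL code: the RFC 5246 section 7.4.2 length-prefix framing that sits around the DER bytes handled by d2i_X509()/i2d_X509(). It wraps one certificate and, in the reverse direction, bounds-checks every uint24 length before returning a DER slice; the names tls_cert_wrap and tls_cert_get and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: DER for SEQUENCE { INTEGER 5 }, standing in for a
 * certificate's DER bytes (it is not a real certificate). */
static const uint8_t SAMPLE_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };

static size_t get_u24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}
static void put_u24(uint8_t *p, size_t v) {
    p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v;
}

/* Wrap one DER certificate as a Certificate body:
 * uint24 list length | uint24 cert length | DER. Returns bytes written, 0 on error. */
size_t tls_cert_wrap(const uint8_t *der, size_t der_len, uint8_t *out, size_t cap) {
    if (der_len == 0 || der_len > 0xFFFFFF - 3 || cap < der_len + 6)
        return 0;
    put_u24(out, der_len + 3);
    put_u24(out + 3, der_len);
    memcpy(out + 6, der, der_len);
    return der_len + 6;
}

/* Validate the whole certificate_list and return entry `index` through
 * der/der_len. Returns 0 on success, -1 if malformed or index is absent;
 * the outputs are meaningful only when 0 is returned. */
int tls_cert_get(const uint8_t *buf, size_t len, size_t index,
                 const uint8_t **der, size_t *der_len) {
    if (len < 3 || get_u24(buf) != len - 3)   /* list must fill the body */
        return -1;
    const uint8_t *p = buf + 3, *end = buf + len;
    int rc = -1;
    for (size_t i = 0; p < end; i++) {
        if ((size_t)(end - p) < 3) return -1; /* truncated length field */
        size_t n = get_u24(p);
        p += 3;
        if (n == 0 || n > (size_t)(end - p)) return -1; /* empty or overrun */
        if (i == index) { *der = p; *der_len = n; rc = 0; }
        p += n;
    }
    return rc;
}

int main(void) {
    uint8_t buf[32]; const uint8_t *der; size_t n;
    size_t w = tls_cert_wrap(SAMPLE_DER, sizeof SAMPLE_DER, buf, sizeof buf);
    int rc = tls_cert_get(buf, w, 0, &der, &n);
    printf("wrapped=%zu rc=%d der_len=%zu\n", w, rc, rc == 0 ? n : (size_t)0);
    return rc;
}
```

The slice returned by tls_cert_get is only length-checked; passing it to d2i_X509() is what provides the ASN.1 syntax checking mentioned in the thread.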