Re: Question regarding PEM_read_bio_X509()

2009-08-22 Thread Dr. Stephen Henson
On Fri, Aug 21, 2009, Dave Thompson wrote:

  From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
  Sent: Thursday, 20 August, 2009 18:34
 
  On Wed, Aug 19, 2009, barcaroller wrote:
  
   I have a PEM-format server certificate that I need to convert to a
   binary structure as defined in section 7.4.2. (Server Certificate) of
   RFC5246 (TLS v1.2). snip
   Also, I will need to do the reverse: converting a binary buffer in
   memory (with the structure above) into a PEM-format server certificate.
   
 
  The functions d2i_X509() and i2d_X509() will do what you 
  want, check out the manual pages and the FAQ to avoid a 
  common mistake with these functions.
  
 I don't think so. d2i/i2d convert DER to and from OpenSSL's 
 internal representation (C structs with fields). What the OP 
 asks for is to convert PEM (which base64-wraps DER) to 
 (binary) DER (plus TLS length prefixes, which are trivial) 
 or vice versa binary-DER(plus) to PEM-wrapped-DER.
 
 You could do this indirectly by PEM_read_blah (PEM to internal) 
 then i2d_blah (internal to DER) and conversely d2i + PEM_write, 
 but that's like traveling New York to Philadelphia via Chicago.
 

The OP was aware of the PEM functions so I was merely pointing to the missing
pieces.

At an application level it is simpler to do d2i/PEM instead of manually
creating the PEM structures. You also get syntax checking that way.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: Question regarding PEM_read_bio_X509()

2009-08-21 Thread Dave Thompson
 From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
 Sent: Thursday, 20 August, 2009 18:34

 On Wed, Aug 19, 2009, barcaroller wrote:
 
  I have a PEM-format server certificate that I need to convert to a
  binary structure as defined in section 7.4.2. (Server Certificate) of
  RFC5246 (TLS v1.2). snip
  Also, I will need to do the reverse: converting a binary buffer in
  memory (with the structure above) into a PEM-format server certificate.
  

 The functions d2i_X509() and i2d_X509() will do what you 
 want, check out the manual pages and the FAQ to avoid a 
 common mistake with these functions.
 
I don't think so. d2i/i2d convert DER to and from OpenSSL's 
internal representation (C structs with fields). What the OP 
asks for is to convert PEM (which base64-wraps DER) to 
(binary) DER (plus TLS length prefixes, which are trivial) 
or vice versa binary-DER(plus) to PEM-wrapped-DER.

You could do this indirectly by PEM_read_blah (PEM to internal) 
then i2d_blah (internal to DER) and conversely d2i + PEM_write, 
but that's like traveling New York to Philadelphia via Chicago.

Or (except for some encrypted items) you could just:
- on input, parse (or discard) the header/trailer lines, 
and convert the remaining base64 to binary, giving DER
- on output, convert DER binary to base64, 
adding linebreaks and header/trailer lines as needed

You could use a BIO_b64 on a BIO_mem to do the base64 
and linebreaks but AFAICT not the header/trailer lines; 
or you could just call EVP_{Encode,Decode}* to do base64 
and do the linebreaks and header/trailer yourself.

When openssl/ssl/* itself builds certs etc into wire messages, 
it uses i2d because it already has the internal form in its 
internal structures. That's a different case.
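
The direct route described above (drop the header/trailer lines, base64-decode the body, add the TLS length prefixes), as an added example that is not part of the original posts and not OpenSSL code; the function names and the sample PEM are made up for illustration. It handles a single certificate and the bounds-checked first step of the reverse direction, and it does no ASN.1 checking, which the d2i/PEM route does provide.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample: the body decodes to the 5 DER bytes 30 03 02 01 05. */
const char SAMPLE_PEM[] = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n";

/* Map one base64 character to its 6-bit value, or -1 if it is not one. */
static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* PEM -> RFC 5246 Certificate with one entry: 3-byte list length, 3-byte cert
 * length, DER. Returns bytes written or -1. No ASN.1 checking is done here. */
long pem_to_tls_cert(const char *pem, unsigned char *out, size_t cap) {
    static const char BEG[] = "-----BEGIN CERTIFICATE-----";
    const char *p = strstr(pem, BEG), *end;
    unsigned long acc = 0;
    int bits = 0, v;
    size_t n = 6, i;                       /* DER starts after both prefixes */
    if (!p || !(end = strstr(p, "-----END CERTIFICATE-----"))) return -1;
    for (p += sizeof BEG - 1; p < end && *p != '='; p++) {
        if (*p == '\n' || *p == '\r' || *p == ' ') continue;
        if ((v = b64val((unsigned char)*p)) < 0) return -1;
        acc = acc << 6 | (unsigned long)v;
        if ((bits += 6) >= 8) {
            if (n >= cap) return -1;       /* output buffer too small */
            out[n++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    if (n == 6 || n - 3 > 0xFFFFFF) return -1;
    for (i = 0; i < 3; i++) {              /* big-endian 24-bit lengths */
        out[i]     = (unsigned char)((n - 3) >> (16 - 8 * i));
        out[3 + i] = (unsigned char)((n - 6) >> (16 - 8 * i));
    }
    return (long)n;
}

/* Reverse direction, first step: find the first certificate in an untrusted
 * Certificate structure, checking every length against the bytes present. */
long tls_first_cert(const unsigned char *m, size_t n, const unsigned char **der) {
    if (n < 6) return -1;
    size_t list = (size_t)m[0] << 16 | (size_t)m[1] << 8 | m[2];
    size_t len  = (size_t)m[3] << 16 | (size_t)m[4] << 8 | m[5];
    if (list != n - 3 || len == 0 || len > list - 3) return -1;
    *der = m + 6;
    return (long)len;
}
```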





Re: Question regarding PEM_read_bio_X509()

2009-08-20 Thread Dr. Stephen Henson
On Wed, Aug 19, 2009, barcaroller wrote:

 
 I have a PEM-format server certificate that I need to convert to a binary
 structure as defined in section 7.4.2. (Server Certificate) of RFC5246
 (TLS v1.2).
 
 
 Server certificate (in PEM format), residing as a
 text file in the filesystem
 |
 |
 V
   Load into buffer in memory with structure as defined in RFC5246:
 
  opaque ASN.1Cert<1..2^24-1>;
 
  struct {
      ASN.1Cert certificate_list<0..2^24-1>;
  } Certificate;
 
 certificate_list
 
 
 
 Also, I will need to do the reverse: converting a binary buffer in memory
 (with the structure above) into a PEM-format server certificate.
 
 My question is: are there OpenSSL routines that do this?  I have looked at
 
  X509 *PEM_read_bio_X509(BIO *bp, X509 **x,
  pem_password_cb *cb, void *u);
 
 but it is not clear to me how I should handle (BIO* bp).  If this function
 indeed does what I need, how would I convert my memory buffer to a BIO, and
 vice versa?
 
 

The functions d2i_X509() and i2d_X509() will do what you want, check out the
manual pages and the FAQ to avoid a common mistake with these functions.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org