Re: get subjectAltName
Thank you Christian, it helped to decode the kerberos principal name .
The code worked.
Regards
Naveen
Christian Hohnstaedt wrote:
On Wed, Sep 22, 2010 at 05:48:07PM +0530, Naveen B.N wrote:
Thank you Christian,
your suggestions helped us to get the position but as you mentioned the
problem
of resolving to kerberos principal name, i tried Google and added a
piece of code
but i am not getting the out put as shown below .
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define CERT_INFO_MAX_ENTRIES 15
#define CERT_INFO_SIZE 10
/*
http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html
KRB5PrincipalName ::= SEQUENCE {
realm [0] Realm,
principalName [1] PrincipalName
}
Maybe this is already defined somewhere in OpenSSL - I didn't find it.
*/
typedef struct kdc_princname_st
{
ASN1_GENERALSTRING *realm;
KRB5_PRINCNAME *princname;
} KDC_PRINCNAME;
ASN1_SEQUENCE(KDC_PRINCNAME) = {
ASN1_EXP(KDC_PRINCNAME, realm, ASN1_GENERALSTRING, 0),
ASN1_EXP(KDC_PRINCNAME, princname, KRB5_PRINCNAME, 1)
} ASN1_SEQUENCE_END(KDC_PRINCNAME)
IMPLEMENT_ASN1_FUNCTIONS(KDC_PRINCNAME)
static char **cert_info_kpn(X509 *x509) {
int i,j;
static char *entries[CERT_INFO_SIZE];
STACK_OF(GENERAL_NAME) *gens;
GENERAL_NAME *name;
ASN1_OBJECT *krb5PrincipalName;
printf("Trying to find a Kerberos Principal Name in
certificate");
gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
krb5PrincipalName = OBJ_txt2obj("1.3.6.1.5.2.2", 1);
if (!gens) {
printf("No alternate name extensions");
return NULL; /* no alternate names */
}
if (!krb5PrincipalName) {
printf("Cannot map KPN object");
return NULL;
}
for (i=0,j=0; (i < sk_GENERAL_NAME_num(gens)) &&
(j
name = sk_GENERAL_NAME_value(gens, i);
if ( name && name->type==GEN_OTHERNAME ) { /* test for
UPN */
if (OBJ_cmp(name->d.otherName->type_id,
krb5PrincipalName)) continue; /* object is not a UPN */
else {
/* NOTE:
from PKINIT RFC, I deduce that stored format for
kerberos
Principal Name is ASN1_STRING, but not sure at 100%
Any help will be granted
*/
unsigned char *txt;
ASN1_TYPE *val = name->d.otherName->value;
ASN1_STRING *str= val->value.asn1_string;
printf("Found Kerberos Principal Name ");
unsigned char * p = str->data;
KDC_PRINCNAME *pn = d2i_KDC_PRINCNAME(NULL, &p,
str->length);
KRB5_PRINCNAME *princname = pn->princname;
printf("Realm '%*s'\nNAMETYPE: %ld\n",
pn->realm->length, pn->realm->data,
ASN1_INTEGER_get(princname->nametype));
for (j=0;
jnamestring); j++) {
ASN1_GENERALSTRING *gs =
sk_ASN1_GENERALSTRING_value(princname->namestring,j);
printf("[%i] %*s\n", j, gs->length, gs->data);
}
Cheers
Christian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: get subjectAltName
On Wed, Sep 22, 2010 at 05:48:07PM +0530, Naveen B.N wrote:
> Thank you Christian,
> your suggestions helped us to get the position but as you mentioned the
> problem
> of resolving to kerberos principal name, i tried Google and added a
> piece of code
> but i am not getting the out put as shown below .
>
> #include
> #include
>
> #include
> #include
> #include
> #include
> #include
> #include
> #include
> #include
> #include
> #include
>
> #define CERT_INFO_MAX_ENTRIES 15
> #define CERT_INFO_SIZE 10
/*
http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html
KRB5PrincipalName ::= SEQUENCE {
realm [0] Realm,
principalName [1] PrincipalName
}
Maybe this is already defined somewhere in OpenSSL - I didn't find it.
*/
typedef struct kdc_princname_st
{
ASN1_GENERALSTRING *realm;
KRB5_PRINCNAME *princname;
} KDC_PRINCNAME;
ASN1_SEQUENCE(KDC_PRINCNAME) = {
ASN1_EXP(KDC_PRINCNAME, realm, ASN1_GENERALSTRING, 0),
ASN1_EXP(KDC_PRINCNAME, princname, KRB5_PRINCNAME, 1)
} ASN1_SEQUENCE_END(KDC_PRINCNAME)
IMPLEMENT_ASN1_FUNCTIONS(KDC_PRINCNAME)
> static char **cert_info_kpn(X509 *x509) {
>int i,j;
>static char *entries[CERT_INFO_SIZE];
>STACK_OF(GENERAL_NAME) *gens;
>GENERAL_NAME *name;
>ASN1_OBJECT *krb5PrincipalName;
>printf("Trying to find a Kerberos Principal Name in
> certificate");
>gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
>krb5PrincipalName = OBJ_txt2obj("1.3.6.1.5.2.2", 1);
>if (!gens) {
>printf("No alternate name extensions");
>return NULL; /* no alternate names */
>}
>if (!krb5PrincipalName) {
>printf("Cannot map KPN object");
>return NULL;
>}
>for (i=0,j=0; (i < sk_GENERAL_NAME_num(gens)) &&
> (jname = sk_GENERAL_NAME_value(gens, i);
>if ( name && name->type==GEN_OTHERNAME ) { /* test for
> UPN */
>if (OBJ_cmp(name->d.otherName->type_id,
> krb5PrincipalName)) continue; /* object is not a UPN */
>else {
>/* NOTE:
>from PKINIT RFC, I deduce that stored format for
> kerberos
>Principal Name is ASN1_STRING, but not sure at 100%
>Any help will be granted
>*/
>unsigned char *txt;
>ASN1_TYPE *val = name->d.otherName->value;
>ASN1_STRING *str= val->value.asn1_string;
>printf("Found Kerberos Principal Name ");
unsigned char * p = str->data;
KDC_PRINCNAME *pn = d2i_KDC_PRINCNAME(NULL, &p,
str->length);
KRB5_PRINCNAME *princname = pn->princname;
printf("Realm '%*s'\nNAMETYPE: %ld\n",
pn->realm->length, pn->realm->data,
ASN1_INTEGER_get(princname->nametype));
for (j=0;
jnamestring); j++) {
ASN1_GENERALSTRING *gs =
sk_ASN1_GENERALSTRING_value(princname->namestring,j);
printf("[%i] %*s\n", j, gs->length, gs->data);
}
Cheers
Christian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: get subjectAltName
Attaching the PEM format certificate used ,
We need to convert it to DER before using it with the below given code.
Command to convert PEM to DER
openssl x509 -inform PEM -in KDC.pem -outform DER -out KDC.cer
Thanks and Regards
Naveen
Naveen B.N wrote:
Thank you Christian,
your suggestions helped us to get the position but as you mentioned
the problem
of resolving to kerberos principal name, i tried Google and added a
piece of code
but i am not getting the out put as shown below .
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define CERT_INFO_MAX_ENTRIES 15
#define CERT_INFO_SIZE 10
static char **cert_info_kpn(X509 *x509) {
int i,j;
static char *entries[CERT_INFO_SIZE];
STACK_OF(GENERAL_NAME) *gens;
GENERAL_NAME *name;
ASN1_OBJECT *krb5PrincipalName;
printf("Trying to find a Kerberos Principal Name in
certificate");
gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
NULL);
krb5PrincipalName = OBJ_txt2obj("1.3.6.1.5.2.2", 1);
if (!gens) {
printf("No alternate name extensions");
return NULL; /* no alternate names */
}
if (!krb5PrincipalName) {
printf("Cannot map KPN object");
return NULL;
}
for (i=0,j=0; (i < sk_GENERAL_NAME_num(gens)) &&
(j
name = sk_GENERAL_NAME_value(gens, i);
if ( name && name->type==GEN_OTHERNAME ) { /* test for
UPN */
if (OBJ_cmp(name->d.otherName->type_id,
krb5PrincipalName)) continue; /* object is not a UPN */
else {
/* NOTE:
from PKINIT RFC, I deduce that stored format
for kerberos
Principal Name is ASN1_STRING, but not sure at
100%
Any help will be granted
*/
unsigned char *txt;
ASN1_TYPE *val = name->d.otherName->value;
ASN1_STRING *str= val->value.asn1_string;
printf("Found Kerberos Principal Name ");
if ( ( ASN1_STRING_to_UTF8(&txt, str) ) < 0) {
printf("ASN1_STRING_to_UTF8() failed: %s",
ERR_error_string(ERR_get_error(),NULL));
} else {
printf("Adding KPN entry: %s",txt);
//entries[j++]= clone_str((const char *)txt);
}
}
}
}
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
ASN1_OBJECT_free(krb5PrincipalName);
if(j==0) {
printf("Certificate does not contain a KPN entry");
return NULL;
}
return entries;
}
int find_root_cert(const unsigned char **in,int len)
{
X509 *cert1=NULL;
X509_NAME *name;
char *buffer; X509_EXTENSION *ext=NULL;
char *test;
int pos=0,nid;
cert1=d2i_X509(NULL,in,len);
printf("\n cert=%x ", cert1);
name=X509_get_subject_name(cert1);
buffer=X509_NAME_oneline(name, 0, 0);
if(strstr(buffer,"CN=kdc.globaledgesoft.com")==NULL)
return -1;
else
{ #if 0
pos=X509_get_ext_by_NID(cert1,NID_subject_alt_name, -1);
if (pos == -1){
printf("\n pos == -1 \n");
return -1;
}
ext=X509_get_ext(cert1,pos);
if(ext!=NULL){
test=(char *)d2i_ASN1_IA5STRING((ASN1_IA5STRING
**)&ext->value->data,NULL,0);
printf("\n test =%s ", test);
}
#endif
cert_info_kpn(cert1);
return 0;
}
}
int main(int argc, char **argv)
{
const unsigned char *in ;
int len,size,ret;
X509 *cert1=NULL;
X509 *cert2=NULL;
FILE *fp;
struct stat st;
fp = fopen("KDC.cer","r");
stat ( (const char *)"KDC.cer",&st);
size = st.st_size;
in=(unsigned char *)malloc(++size);
printf("\n length = %d ",size);
len=fread((void *)in,1,size,fp);
fclose(fp);
printf("\n Len =%d",len);
printf("\n cert=%x ", cert1);
if(find_root_cert(&in,len)==0)
printf("\n This is the Root\n");
else
printf("\n No match was found \n");
}
/* output */
length = 1001
Len =1000
cert=0
cert=86da458 Trying to find a Kerberos Principal Name in
certificateFound Kerberos Principal Name ASN1_STRING_to_UTF8() failed:
error::lib(0):func(0):reason(0)Certificate does not contain a
KPN entry
This is the Root
Thanks in advance .
Regards
Naveen
Christian Hohnstaedt wrote:
On Wed, Sep 22, 2010 at 02:40:26PM +0530, Naveen B.N wrote:
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate,
but i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0 0x058b8a03 in OBJ
Re: get subjectAltName
Thank you Christian,
your suggestions helped us to get the position but as you mentioned the
problem
of resolving to kerberos principal name, i tried Google and added a
piece of code
but i am not getting the out put as shown below .
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define CERT_INFO_MAX_ENTRIES 15
#define CERT_INFO_SIZE 10
static char **cert_info_kpn(X509 *x509) {
int i,j;
static char *entries[CERT_INFO_SIZE];
STACK_OF(GENERAL_NAME) *gens;
GENERAL_NAME *name;
ASN1_OBJECT *krb5PrincipalName;
printf("Trying to find a Kerberos Principal Name in
certificate");
gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
krb5PrincipalName = OBJ_txt2obj("1.3.6.1.5.2.2", 1);
if (!gens) {
printf("No alternate name extensions");
return NULL; /* no alternate names */
}
if (!krb5PrincipalName) {
printf("Cannot map KPN object");
return NULL;
}
for (i=0,j=0; (i < sk_GENERAL_NAME_num(gens)) &&
(j
name = sk_GENERAL_NAME_value(gens, i);
if ( name && name->type==GEN_OTHERNAME ) { /* test for
UPN */
if (OBJ_cmp(name->d.otherName->type_id,
krb5PrincipalName)) continue; /* object is not a UPN */
else {
/* NOTE:
from PKINIT RFC, I deduce that stored format for
kerberos
Principal Name is ASN1_STRING, but not sure at 100%
Any help will be granted
*/
unsigned char *txt;
ASN1_TYPE *val = name->d.otherName->value;
ASN1_STRING *str= val->value.asn1_string;
printf("Found Kerberos Principal Name ");
if ( ( ASN1_STRING_to_UTF8(&txt, str) ) < 0) {
printf("ASN1_STRING_to_UTF8() failed: %s",
ERR_error_string(ERR_get_error(),NULL));
} else {
printf("Adding KPN entry: %s",txt);
//entries[j++]= clone_str((const char *)txt);
}
}
}
}
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
ASN1_OBJECT_free(krb5PrincipalName);
if(j==0) {
printf("Certificate does not contain a KPN entry");
return NULL;
}
return entries;
}
int find_root_cert(const unsigned char **in,int len)
{
X509 *cert1=NULL;
X509_NAME *name;
char *buffer;
X509_EXTENSION *ext=NULL;
char *test;
int pos=0,nid;
cert1=d2i_X509(NULL,in,len);
printf("\n cert=%x ", cert1);
name=X509_get_subject_name(cert1);
buffer=X509_NAME_oneline(name, 0, 0);
if(strstr(buffer,"CN=kdc.globaledgesoft.com")==NULL)
return -1;
else
{
#if 0
pos=X509_get_ext_by_NID(cert1,NID_subject_alt_name, -1);
if (pos == -1){
printf("\n pos == -1 \n");
return -1;
}
ext=X509_get_ext(cert1,pos);
if(ext!=NULL){
test=(char *)d2i_ASN1_IA5STRING((ASN1_IA5STRING
**)&ext->value->data,NULL,0);
printf("\n test =%s ", test);
}
#endif
cert_info_kpn(cert1);
return 0;
}
}
int main(int argc, char **argv)
{
const unsigned char *in ;
int len,size,ret;
X509 *cert1=NULL;
X509 *cert2=NULL;
FILE *fp;
struct stat st;
fp = fopen("KDC.cer","r");
stat ( (const char *)"KDC.cer",&st);
size = st.st_size;
in=(unsigned char *)malloc(++size);
printf("\n length = %d ",size);
len=fread((void *)in,1,size,fp);
fclose(fp);
printf("\n Len =%d",len);
printf("\n cert=%x ", cert1);
if(find_root_cert(&in,len)==0)
printf("\n This is the Root\n");
else
printf("\n No match was found \n");
}
/* output */
length = 1001
Len =1000
cert=0
cert=86da458 Trying to find a Kerberos Principal Name in
certificateFound Kerberos Principal Name ASN1_STRING_to_UTF8() failed:
error::lib(0):func(0):reason(0)Certificate does not contain a
KPN entry
This is the Root
Thanks in advance .
Regards
Naveen
Christian Hohnstaedt wrote:
On Wed, Sep 22, 2010 at 02:40:26PM +0530, Naveen B.N wrote:
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate, but
i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
(gdb) bt
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
#1 0x0593a786 in X509v3_get_ext_by_OBJ () from /lib/libcrypto.so.6
#2 0x0593a7ce in X509v3_get_ext_by_NID () from /lib/libcrypto.so.6
#3 0x08048870 in fin
Re: get subjectAltName
On Wed, Sep 22, 2010 at 02:40:26PM +0530, Naveen B.N wrote:
> Hello,
> I am using Linux.
> I am trying to print the subjectAltName present in the certificate, but
> i am seeing crash in /lib/libcrypto.so.6
> core was generated by `./a.out'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
> (gdb) bt
> #0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
> #1 0x0593a786 in X509v3_get_ext_by_OBJ () from /lib/libcrypto.so.6
> #2 0x0593a7ce in X509v3_get_ext_by_NID () from /lib/libcrypto.so.6
> #3 0x08048870 in find_root_cert (in=0x9445a72 "", len=1002) at
> find_root.c:37
> #4 0x080489af in main () at find_root.c:65
>
> Help me to solve this issue. Please guide, if any other alternative to
> method to achieve the same
> Please find the code used below.
First hint: look at the warnings issued by the compiler.
They usually indicate you are doing something wrong.
>
> Thanks and Regards
> Naveen
>
> / Start code ***/int find_root_cert(char
> *in,int len)
> {
>X509 *cert1=NULL;
>X509_NAME *name;
>char *buffer; X509_EXTENSION *ext=NULL;
>char *test;
>int pos=0,nid;
>
>cert1=d2i_X509(NULL,&in,len);
>printf("\n cert=%x ", cert1);
>name=X509_get_subject_name(cert1);
>buffer=X509_NAME_oneline(name, 0, 0);
>if(strstr(buffer,"CN=kdc.globaledgesoft.com")==NULL)
>return -1;
>else
>{* nid=OBJ_sn2nid("subjectAltName");
>pos=X509v3_get_ext_by_NID (cert1,OBJ_sn2nid("subjectAltName"), -1);
/* no need to translate constant string ("subjectAltName") to NID
Use the nid constant directly: NID_subject_alt_name
X509v3_get_ext_by_NID() expects a pointer to extensions
X509_get_ext_by_NID() expects a cert as first argument
*/
pos=X509_get_ext_by_NID (cert1, NID_subject_alt_name, -1);
/* need to check for existance of subjectAltName */
if (pos == -1)
ERROR();
> ext=X509v3_get_ext(cert1,pos);
Same as above: use X509_get_ext() instead.
The compiler told you about incompatible pointer types. Don't ignore it.
>if(ext!=NULL){
>test=d2i_ASN1_IA5STRING(&ext->value->data,NULL,0);
It is not that easy
The subaltname is tagged as otherName in the kdc.cer
You need to parse the othername, which contains the OID
1.3.6.1.5.2.2
which indicates a DER encoded KRB5PrincipalName
search Google for the OID
Cheers
Christian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
get subjectAltName
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate, but
i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
(gdb) bt
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
#1 0x0593a786 in X509v3_get_ext_by_OBJ () from /lib/libcrypto.so.6
#2 0x0593a7ce in X509v3_get_ext_by_NID () from /lib/libcrypto.so.6
#3 0x08048870 in find_root_cert (in=0x9445a72 "", len=1002) at
find_root.c:37
#4 0x080489af in main () at find_root.c:65
Help me to solve this issue. Please guide, if any other alternative to
method to achieve the same
Please find the code used below.
Thanks and Regards
Naveen
/ Start code ***/int find_root_cert(char
*in,int len)
{
X509 *cert1=NULL;
X509_NAME *name;
char *buffer; X509_EXTENSION *ext=NULL;
char *test;
int pos=0,nid;
cert1=d2i_X509(NULL,&in,len);
printf("\n cert=%x ", cert1);
name=X509_get_subject_name(cert1);
buffer=X509_NAME_oneline(name, 0, 0);
if(strstr(buffer,"CN=kdc.globaledgesoft.com")==NULL)
return -1;
else
{* nid=OBJ_sn2nid("subjectAltName");
pos=X509v3_get_ext_by_NID (cert1,OBJ_sn2nid("subjectAltName"), -1);
ext=X509v3_get_ext(cert1,pos);
if(ext!=NULL){
test=d2i_ASN1_IA5STRING(&ext->value->data,NULL,0);
printf("\n test =%s ", test);*
}
return 0;
}
}
int main(int argc, char **argv)
{
const unsigned char *in ;
int len,size,ret;
X509 *cert1=NULL;
X509 *cert2=NULL;
FILE *fp;
struct stat st;
fp = fopen("kdc.cer","r");
stat ( (const char *)"kdc.cer",&st);
size = st.st_size;
in=(unsigned char *)malloc(++size);
printf("\n length = %d ",size);
len=fread(in,1,size,fp);
fclose(fp);
printf("\n Len =%d",len);
printf("\n cert=%x ", cert1);
if(find_root_cert(in,len)==0)
printf("\n This is the Root\n");
else
printf("\n No match was found \n");
}
/* End /
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: get subjectAltName
Resending with attachment ..
Naveen B.N wrote:
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate,
but i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
(gdb) bt
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
#1 0x0593a786 in X509v3_get_ext_by_OBJ () from /lib/libcrypto.so.6
#2 0x0593a7ce in X509v3_get_ext_by_NID () from /lib/libcrypto.so.6
#3 0x08048870 in find_root_cert (in=0x9445a72 "", len=1002) at
find_root.c:37
#4 0x080489af in main () at find_root.c:65
Help me to solve this issue. Please guide, if any other alternative to
method to achieve the same
Please find the code used below and certificate is attached.
Thanks and Regards
Naveen
/ Start code ***/int find_root_cert(char
*in,int len)
{
X509 *cert1=NULL;
X509_NAME *name;
char *buffer;
X509_EXTENSION *ext=NULL;
char *test;
int pos=0,nid;
cert1=d2i_X509(NULL,&in,len);
printf("\n cert=%x ", cert1);
name=X509_get_subject_name(cert1);
buffer=X509_NAME_oneline(name, 0, 0);
if(strstr(buffer,"CN=kdc.globaledgesoft.com")==NULL)
return -1;
else
{
* nid=OBJ_sn2nid("subjectAltName");
pos=X509v3_get_ext_by_NID (cert1,OBJ_sn2nid("subjectAltName"),
-1);
ext=X509v3_get_ext(cert1,pos);
if(ext!=NULL){
test=d2i_ASN1_IA5STRING(&ext->value->data,NULL,0);
printf("\n test =%s ", test);*
}
return 0;
}
}
int main(int argc, char **argv)
{
const unsigned char *in ;
int len,size,ret;
X509 *cert1=NULL;
X509 *cert2=NULL;
FILE *fp;
struct stat st;
fp = fopen("kdc.cer","r");
stat ( (const char *)"kdc.cer",&st);
size = st.st_size;
in=(unsigned char *)malloc(++size);
printf("\n length = %d ",size);
len=fread(in,1,size,fp);
fclose(fp);
printf("\n Len =%d",len);
printf("\n cert=%x ", cert1);
if(find_root_cert(in,len)==0)
printf("\n This is the Root\n");
else
printf("\n No match was found \n");
}
/* End /
kdc.cer
Description: application/x509-ca-cert
