Re: read X509 certificate from DER format file using d2i_X509
Ok, I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
Any other hints?

Thanks

kind regards,
dirk L.

    int validate_ssl (int ok, char *ip, char *protocol, char *subject, char *issuer,
                      unsigned char *cert, int length, int depth, char **message)
    {
        char *cp;
        char *Fname = "validate_ssl";
        int i;
        int len;
        char *mp;
        int rc;
        char *status;
        X509 *pem_cert;
        char* name;
        char* errmsg = NULL;
        int ldap_err;
        int version;
        char* dirname;
        unsigned char *p;

        OpenSSL_add_all_algorithms();
        rc = ok SSLok;
        /*pem_cert = X509_new();*/
        if (!cert)
            fprintf(stderr, "validate_ssl: DER certificate not available\n");
        /* the ASN1-parsing functions increment the pointer, so to avoid
           problems use a temporary pointer */
        /* http://www.openssl.org/support/faq.html#PROG3 */
        p = cert;
        pem_cert = d2i_X509(NULL, p, length);
        version = X509_get_version(pem_cert);
        fprintf(stderr, "version %d\n", version);

22/08/2001 1:36:15, Dr S N Henson [EMAIL PROTECTED] wrote:

> dirk laurijssen wrote:
> >
> > Hi,
> >
> > Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 ,
> > I can't seem to get the DER-certificate loaded appropriately into the
> > X509-struct.
> >
> [stuff deleted]
> >
> > int validate_ssl (int ok, char *ip, char *protocol, char *subject,
> >                   char *issuer, unsigned char *cert, int length,
> >                   int depth, char **message)
> > {
> >     X509 *new_cert = d2i_X509(NULL, cert, sizeof(cert));
> >     version = X509_get_version(new_cert);
> > }
>
> sizeof(cert), since cert is of type (char *), will just give you the size of
> a pointer (typically 4); what you want is the size of the buffer pointed to
> by cert, which might be 'length' from the prototype...
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
*
Dirk Laurijssen
Syntegra, creating winners in the digital economy.
+32 2 247 92 20 - Check us out at www.syntegra.be
*
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: read X509 certificate from DER format file using d2i_X509
dirk laurijssen wrote:
>
> Ok, I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
> Any other hints?
>
> Thanks
>
> kind regards,
> dirk L.
>

What value do you get from X509_get_version? It returns the value of the
version field which is one less than the certificate version.

BTW OpenSSL_add_all_algorithms() isn't needed to check the version field
and it certainly shouldn't be called repeatedly in a function: just once at
startup.

However I notice:

    pem_cert = d2i_X509(NULL, p, length);

Is the data in PEM format (text with BEGIN and END lines)? If so you can't
use d2i_X509, you need a memory BIO instead.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: read X509 certificate from DER format file using d2i_X509
dirk laurijssen wrote:
>
> Hi,
>
> Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 ,
> I can't seem to get the DER-certificate loaded appropriately into the
> X509-struct.
>
[stuff deleted]
>
> int validate_ssl (int ok, char *ip, char *protocol, char *subject,
>                   char *issuer, unsigned char *cert, int length,
>                   int depth, char **message)
> {
>     X509 *new_cert = d2i_X509(NULL, cert, sizeof(cert));
>     version = X509_get_version(new_cert);
> }

sizeof(cert), since cert is of type (char *), will just give you the size of
a pointer (typically 4); what you want is the size of the buffer pointed to
by cert, which might be 'length' from the prototype...

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
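
Added example, not part of the thread and not OpenSSL code: a stand-alone C check that catches both problems raised in the replies above before a buffer reaches d2i_X509 (a length that does not match the DER encoding, such as sizeof of a pointer, and PEM text handed to a DER parser), and that reports the certificate version as the version field plus one. The names check_cert_buffer, der_header and sample_der are hypothetical, and the sample bytes are constructed.

```c
/* Added illustration, not OpenSSL code; every name here is hypothetical. */
#include <string.h>

enum cert_check { CERT_DER_OK, CERT_IS_PEM, CERT_NOT_DER, CERT_LEN_MISMATCH };

/* Constructed sample: only the start of a v3 certificate, not a real one. */
const unsigned char sample_der[] = {
    0x30, 0x0A, 0x30, 0x08, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01 };

/* Read one DER header at *pp and advance *pp past it, as the d2i functions
 * do. Returns the declared content length, or -1 on a bad or cut header. */
static long der_header(const unsigned char **pp, long left, int tag)
{
    const unsigned char *p = *pp;
    long len, n;

    if (left < 2 || p[0] != tag)
        return -1;
    len = p[1];
    p += 2;
    if (len & 0x80) {                      /* long form: n length bytes */
        n = len & 0x7f;
        if (n < 1 || n > 3 || left - 2 < n)
            return -1;
        for (len = 0; n > 0; n--)
            len = (len << 8) | *p++;
    }
    *pp = p;
    return len;
}

/* Check buf/length before handing them to a DER parser. On CERT_DER_OK,
 * *version receives the certificate version (version field plus one). */
enum cert_check check_cert_buffer(const unsigned char *buf, long length,
                                  int *version)
{
    const unsigned char *p = buf, *end = buf + length; /* buf is not moved */
    long outer, tbs;

    if (length >= 10 && memcmp(buf, "-----BEGIN", 10) == 0)
        return CERT_IS_PEM;                /* text: needs a PEM reader */
    if ((outer = der_header(&p, length, 0x30)) < 0)
        return CERT_NOT_DER;               /* no outer SEQUENCE */
    if (outer != end - p)
        return CERT_LEN_MISMATCH;          /* e.g. sizeof(pointer) as length */
    if ((tbs = der_header(&p, end - p, 0x30)) < 0 || tbs > end - p)
        return CERT_NOT_DER;
    *version = 1;                          /* version field absent means v1 */
    if (tbs >= 5 && p[0] == 0xA0 && p[1] == 3 && p[2] == 0x02 && p[3] == 1)
        *version = p[4] + 1;
    return CERT_DER_OK;
}
```

CERT_LEN_MISMATCH is returned both when the supplied length is too short and when bytes trail the encoding.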