Re: read X509 certificate from DER format file using d2i_X509

2001-08-22 Thread dirk laurijssen

Ok,

I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
Any other hints?

Thanks & kind regards,
dirk L.

int
validate_ssl (int ok, char *ip, char *protocol, char *subject, char *issuer,
              unsigned char *cert, int length, int depth, char **message)
{
char *cp;
char *Fname = "validate_ssl";
int i;
int len;
char *mp;
int rc;
char *status;
X509 *pem_cert;
char* name;
char* errmsg = NULL;
int ldap_err;
int version;
char* dirname;
unsigned char *p;

OpenSSL_add_all_algorithms();

rc = ok  SSLok;

/*pem_cert = X509_new();*/

if (!cert)
  fprintf(stderr, "validate_ssl: DER certificate not available\n");

/* the ASN1-parsing functions increment the pointer, so to avoid problems use a
   temporary pointer */
/* http://www.openssl.org/support/faq.html#PROG3 */
p = cert;
pem_cert = d2i_X509(NULL, &p, length);
version = X509_get_version(pem_cert);
fprintf(stderr, "version %d\n", version);


22/08/2001 1:36:15, Dr S N Henson [EMAIL PROTECTED] wrote:

> dirk laurijssen wrote:
> >
> > Hi,
> > Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I
> > can't seem to get the DER-certificate loaded appropriately into the X509-struct.
> >
> [stuff deleted]
> >
> > int
> > validate_ssl (int ok, char *ip, char *protocol, char *subject,
> > char *issuer, unsigned char *cert, int length, int depth,
> > char **message)
> > {
> >
> > X509 *new_cert = d2i_X509(NULL, cert, sizeof(cert));
> > version = X509_get_version(new_cert);
> >
> > }
>
> sizeof(cert) since cert is of type (char *) will just give you the
> size of a pointer (typically 4) what you want is the size of the buffer
> pointed to by cert which might be 'length' from the prototype...
>
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


*
Dirk Laurijssen
Syntegra, creating winners in the digital economy.
+32 2 247 92 20 - Check us out at www.syntegra.be
*





Re: read X509 certificate from DER format file using d2i_X509

2001-08-22 Thread Dr S N Henson

dirk laurijssen wrote:
>
> Ok,
>
> I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
> Any other hints?
>
> Thanks & kind regards,
> dirk L.
>

What value do you get from X509_get_version? It returns the value of the
version field which is one less than the certificate version.

BTW OpenSSL_add_all_algorithms() isn't needed to check the version field
and it certainly shouldn't be called repeatedly in a function: just once
at startup.

However I notice:

> pem_cert = d2i_X509(NULL, &p, length);

Is the data in PEM format (text with BEGIN and END lines)? If so, you
can't use d2i_X509; you need a memory BIO instead.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Re: read X509 certificate from DER format file using d2i_X509

2001-08-21 Thread Dr S N Henson

dirk laurijssen wrote:
>
> Hi,
> Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I can't
> seem to get the DER-certificate loaded appropriately into the X509-struct.
>
[stuff deleted]
>
> int
> validate_ssl (int ok, char *ip, char *protocol, char *subject,
> char *issuer, unsigned char *cert, int length, int depth,
> char **message)
> {
>
> X509 *new_cert = d2i_X509(NULL, cert, sizeof(cert));
> version = X509_get_version(new_cert);
>
> }

sizeof(cert) since cert is of type (char *) will just give you the
size of a pointer (typically 4) what you want is the size of the buffer
pointed to by cert which might be 'length' from the prototype...

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
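
Added example, not part of the original thread and not OpenSSL code: a dependency-free pre-flight check for the two problems diagnosed in these messages, a length argument that is really sizeof(pointer) and PEM text passed where DER is expected. The name classify_cert_buf and the enum values are hypothetical, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>
enum buf_kind { BUF_DER_OK, BUF_PEM_TEXT, BUF_DER_LEN_MISMATCH, BUF_NOT_DER };

/* Hypothetical helper, not an OpenSSL function: classify buf[0..len) before it
 * is handed to d2i_X509(). For DER input, *declared receives the total size
 * (header + content) that the outer SEQUENCE header claims. */
enum buf_kind classify_cert_buf(const unsigned char *buf, size_t len,
                                size_t *declared)
{
    static const char pem_tag[] = "-----BEGIN";
    size_t i = 0, n = 2, content = 0;
    *declared = 0;
    if (buf == NULL || len < 2)
        return BUF_NOT_DER;
    /* PEM is text: optional leading whitespace, then a BEGIN line. */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' ||
                       buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= sizeof(pem_tag) - 1 &&
        memcmp(buf + i, pem_tag, sizeof(pem_tag) - 1) == 0)
        return BUF_PEM_TEXT;
    /* A DER certificate starts with tag 0x30 (constructed SEQUENCE). */
    if (buf[0] != 0x30)
        return BUF_NOT_DER;
    if (buf[1] < 0x80) {
        content = buf[1];                 /* short form: one length byte */
    } else {
        size_t k = buf[1] & 0x7f;         /* long form: k length bytes follow */
        if (k == 0 || k > 3 || len < 2 + k)
            return BUF_NOT_DER;           /* indefinite or implausible length */
        for (; n < 2 + k; n++)
            content = (content << 8) | buf[n];
    }
    *declared = n + content;
    return *declared == len ? BUF_DER_OK : BUF_DER_LEN_MISMATCH;
}

int main(void)
{
    /* Constructed sample: header claims 0x0100 content bytes; body is zero filler. */
    unsigned char der[260] = { 0x30, 0x82, 0x01, 0x00 };
    unsigned char *cert = der;
    size_t d1, d2;
    int ok = classify_cert_buf(cert, sizeof der, &d1);    /* real buffer length */
    int bad = classify_cert_buf(cert, sizeof(cert), &d2); /* size of a pointer */
    printf("length=%d sizeof=%d declared=%zu\n", ok, bad, d2);
    return 0;
}
```

Only a BUF_DER_OK buffer should go on to d2i_X509(NULL, &p, len) with a temporary pointer p; a BUF_PEM_TEXT result means the memory BIO route mentioned in the thread is needed instead.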
