Ding Yiqiang wrote:
>
> Hi
>
> What's the difference between PEM_read_bio_X509 and PEM_read_bio_X509_AUX?
>
X509 is a the traditional PEM format which is just a base64 DER encoded
structure with header and footer lines. X509_AUX is a "trusted
certificate" format, unique to OpenSSL, which allows an application to
tag extra data associated with the certificate such as a friendly name,
a key ID, and the trusted purposes for which a certificate can be used
as a root CA, it uses different header and footer lines too.
You can read in any certificate (trusted or otherwise) using
PEM_read_bio_X509 but no extra data will be included. With
PEM_read_bio_X509_AUX if the certificate is trusted then the extra data
will be included.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
