[EMAIL PROTECTED] wrote:
>
> On my webserver, one of the server variables contains the base64 encoded
> certificate.
> I would like to read this certificate in to a X509*.
> What is the best way to do this?
>
> The certificate bit stream is without the headers used in the PEM decoding
> (BEGIN CERTIFICATE......) so I can not use the PEM_xxxx routines.
> I know that I could probably do something like add the PEM headers to the
> base64 encoded certificate and then use the PEM_xxx functions, but I'm sure
> there is a better way to do this in OpenSSL.
>
Two ways.
The first is via "bio shuffling". In outline you would write the base64
encoded certificate to a memory BIO, add a base64 decoding filter BIO to
it and then pull the data with d2i_X509_bio(): there's an example of
using a filter BIO in apps/enc.c
The other way is to allocate a buffer and use the EVP base64 interface
to decode it then use d2i_X509 on the decoded data. This is done in the
library to handle SPKACs. Check out crypto/x509/x509spki.c in the
function NETSCAPE_SPKI_b64_decode(): if you just replace NETSCAPE_SPKI
with X509 it should do what you want (delete the X509err stuff).
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
