Maybe. The last time I tried this was in 2001 with the
Globus Toolkit 4.0.16

    $Source: /home/globdev/CVS/globus-1998_04_16/Globus/Security/gssapi_ssleay/sslutils.c,v $
    $Date: 2001/05/05 22:41:27 $
    $Revision: 1.113 $
    $Author: dengert $

has proxy_marshal_*() routines to write out the cert chain.
But back then I added this to accept_sec_context.c:

    /*
     * If the user did not ask for the delegated cred handle
     * we will write out the delegated proxy here
     * on the server, the s3_srvr.c does not save the
     * peer cert chain. So our proxy_verify_callback
     * will. If this is fixed, then
     * we could use SSL_get_peer_cert_chain(context->gs_ssl)
     */

So you need to verify if the s3_srvr.c saved the peer chain
in the OpenSSL version you are using.

Aravinda babu wrote:
> Hi Douglas,
>
> Is this the right way to get the peer certificate in a data buffer?
>
>     STACK_OF(X509) *sk;
>     int ii = 0, noOfCerts = 0, res = -1;
>     X509 *certs[15];
>     unsigned char *intFmtOfCerts[15];
>     unsigned char *p;   /* scratch pointer: i2d_X509() advances it */
>     int len[15];        /* signed, i2d_X509() returns < 0 on error */
>
>     sk = SSL_get_peer_cert_chain(connssl->handle);
>     /* sk is NULL when no chain is available; cap at the array size */
>     noOfCerts = sk ? sk_X509_num(sk) : 0;
>     if (noOfCerts > 15)
>         noOfCerts = 15;
>     for (ii = 0; ii < noOfCerts; ii++)
>     {
>         certs[ii] = sk_X509_value(sk, ii);
>         len[ii] = i2d_X509(certs[ii], NULL);    /* DER length only */
>         if (len[ii] < 0)
>             break;
>         intFmtOfCerts[ii] = (unsigned char *) malloc(len[ii]);
>         if (intFmtOfCerts[ii] == NULL)
>             break;
>         p = intFmtOfCerts[ii];   /* keep the buffer start in the array */
>         len[ii] = i2d_X509(certs[ii], &p);
>     }
>
> Thanks,
> Aravind.
>
> On Fri, Oct 17, 2008 at 8:26 PM, Douglas E. Engert <[EMAIL PROTECTED]> wrote:
>
>> Aravinda babu wrote:
>>
>>> Hi all,
>>>
>>> I am new to OpenSSL. I want to get the peer certificate in a
>>> memory buffer.
>>> If I use SSL_get_peer_certificate I can get it in an X509 structure.
>>> But I want the peer certificate as a data buffer (unsigned char *).
>>
>> Then what are you going to do with it?
>> Write to a file or memory?
>> Do you want der or pem encoding?
>>
>>     bp = BIO_new(BIO_s_mem());      /* To memory */
>> or
>>     bp = BIO_new(BIO_s_file());     /* to a file */
>>     fp = fopen(filename,"w");
>>     BIO_set_fp(bp,fp,BIO_NOCLOSE);
>>
>>     peer = s->session->peer;
>>
>>     i2d_X509_bio(bp,peer);          /* as der */
>> or
>>     PEM_write_bio_X509(bp,peer);    /* as pem */
>>
>>> Is there any API for this?
>>>
>>> Thanks in advance,
>>> Aravind.
>>
>> --
>> Douglas E. Engert <[EMAIL PROTECTED]>
>> Argonne National Laboratory
>> 9700 South Cass Avenue
>> Argonne, Illinois 60439
>> (630) 252-5444
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> Development Mailing List openssl-dev@openssl.org
>> Automated List Manager [EMAIL PROTECTED]

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444