On Tue, Mar 11, 2003 at 01:54:55PM -0800, rajagopalan ramanujam wrote:
>
> hi,
>
> I am having a problem when reading a certificate and
> private key from a memory buffer instead of a file.
> I am using d2i_X509(NULL,&cert,strlen(cert)) to read
> the certificate string which was defined in one of
> .pem
> file. Should I use SSL_CTX_use_certificate_ASN1
> instead??? Please help me.....
>
> copied from server.pem file
> unsigned char * cert
> ="MIIDDzCCAs2gAwIBAgICA............Qw==";
> unsigned char * key =
> "y5qH6Q0Nvb5SUcJEYY...........p6==";

Incorrect. This is PEM format; d2i_* expects DER/binary input. Use:

% openssl x509 -in server.pem -noout -C > server_cert.c

which will produce something like this:

[cut]
unsigned char XXX_certificate[1592]={
0x30,0x82,0x06,0x34,0x30,0x82,0x05,0x1C,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x0D,
[cut]

>
> here is my sample server code :
>
> void ssl_server ()
> {
>
>   SSL_CTX* ctx;
>   SSL*     ssl;
>   X509*    client_cert,*x509_cert,*x509_key;
>   char*    str;
>   SSL_METHOD *meth;
>   int theFd;
>   fd_set theFdSet;
>
>   /* SSL preliminaries. We keep the certificate and
>      key with the context. */
>
>   SSL_load_error_strings();
>   SSLeay_add_ssl_algorithms();
>   meth = SSLv23_server_method();
>   ctx = SSL_CTX_new (meth);
>
>   x509_cert = d2i_X509(NULL,&cert,strlen(cert));
>
>   if (SSL_CTX_use_certificate(ctx,x509_cert) <= 0) {
>     return;
>   }
>
>   x509_key = d2i_X509(NULL,&key,sizeof(key));
>
>   if (SSL_CTX_use_PrivateKey(ctx,x509_key) <= 0) {
>     return;
>   }
>
>   if (!SSL_CTX_check_private_key(ctx)) {
>     printf("Private key does not match the certificate
> public key\n");
>     return;
>   }
>
>   .
>   .
> }
>
> when d2i_X509 its failing for the following reason.
> IMPLEMENT_ASN1_FUNCTIONS(X509)
>   ASN1_VALUE *ASN1_item_d2i(..)
>     asn1_check_tlen(..)
>       ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
>       return 0;

here is sample code:

X509 *
get_cert( void)
{
        /* d2i_X509 advances the pointer it is given, so pass a copy */
        unsigned char *der = XXX_certificate;
        X509 *crt = NULL;

        if ( NULL == ( crt = X509_new())) {
                /* Oops, out-of-memory? */
                return NULL;
        }

        return d2i_X509( &crt, &der, sizeof( XXX_certificate));
}

--
regards
Valentin Zahariev
CTO
E-CARD Ltd.
-------------------- http://www.e-card.bg --------------------
PGP keyID: 0xC005C5CA
Key fingerprint = F3 46 26 21 8F F0 5E 19 5B B3 34 08 24 9E 71 13 C0 05 C5 CA
http://certs.e-card.bg:11371/pks/lookup?op=get&search=0xC005C5CA
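Added example, not part of the original message and not OpenSSL code: a dependency-free check that shows why the base64 text of a PEM body is rejected with WRONG_TAG while the decoded bytes start with the DER SEQUENCE tag 0x30. The helper names b64_decode and der_declared_len are hypothetical, and the sample "MIIGNA==" is constructed as the base64 of the four header bytes 0x30,0x82,0x06,0x34 shown in the reply.

```c
#include <stdio.h>
#include <stddef.h>
/* Map one base64 character to its 6-bit value, or -1 if it is not base64. */
static int b64val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode a PEM body (base64 only, no BEGIN/END lines) into out.
   Returns the byte count, or -1 on a non-base64 character or if out is full. */
long b64_decode(const char *in, unsigned char *out, size_t cap) {
    unsigned long acc = 0; size_t n = 0; int bits = 0;
    for (; *in && *in != '='; in++) {
        if (*in == '\n' || *in == '\r' || *in == ' ') continue;
        int v = b64val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned long)v; bits += 6;
        if (bits >= 8) {
            if (n >= cap) return -1;
            bits -= 8; out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return (long)n;
}

/* Total length (header + content) declared by a DER SEQUENCE header, or -1
   if buf does not start with tag 0x30 and a definite length of <= 3 bytes. */
long der_declared_len(const unsigned char *buf, size_t len) {
    if (len < 2 || buf[0] != 0x30) return -1;      /* wrong outer tag */
    if (!(buf[1] & 0x80)) return 2 + (long)buf[1]; /* short-form length */
    size_t nb = buf[1] & 0x7F;                     /* long form: nb length bytes */
    long clen = 0;
    if (nb == 0 || nb > 3 || len < 2 + nb) return -1;
    for (size_t i = 0; i < nb; i++) clen = (clen << 8) | buf[2 + i];
    return (long)(2 + nb) + clen;
}

int main(void) {
    /* Constructed sample: base64 of the header bytes 30 82 06 34. */
    const char *pem_body = "MIIGNA==";
    unsigned char der[8];
    long n = b64_decode(pem_body, der, sizeof der);
    printf("raw text: %ld, decoded: %ld\n",
           der_declared_len((const unsigned char *)pem_body, 8),
           der_declared_len(der, (size_t)n));
    return 0;
}
```

The decoded header declares 1592 bytes, the size of the XXX_certificate array in the reply; the raw text starts with 'M' (0x4D), which is not a SEQUENCE tag.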