On Wednesday 14 March 2007 04:05:45 you wrote:
> Hi list,
>
> I need to get an X509 *cert using string buffer, which is a base64
> encoded representation of it. In other words, if I have the contents of
> a ---BEGIN CERTIFICATE--- and  --END CERTIFICATE--- of a .pem file, I
> need to retrieve the certificate.
>
This is really easy - either use PEM_read_X509() to directly read the file...
or, if the PEM encoded certificate is already in a string buffer, you can do
something like:

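/* needs <openssl/bio.h> and <openssl/pem.h> */
char certstr[] = "---BEGIN---" ... "---END CERT---";
BIO *membuf = BIO_new(BIO_s_mem());
BIO_puts(membuf, certstr);   /* copy the PEM text into the memory BIO */
X509 *cert = PEM_read_bio_X509(membuf, NULL, NULL, NULL);
BIO_free(membuf);            /* the parsed cert does not depend on the BIO */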


Which is MUCH, MUCH easier than what you are trying to do below....

Don't re-invent the wheel :)

Patrick.

> I used d2i_X509_bio() function for this. There I first decode the base64
> encoded string and then created a BIO* using function BIO_new_mem_buf().
>
> In summary the process is...
> b64_string --[EVP_Decode]-->binary--[d2i_X509_bio()]--->X509* certificate
>
> But I found that the binaries are different if the line breaks (\n) are
> available. And the function gives the certificate only if line
> breaks(\n) are there. If I'm correct, the base64 decode function should
> handle line breaks. EVP_DecodeInit/Update/Final functions gives
> different outputs depending on line breaks and thus the d2i_X509_bio()
> function fails if line breaks are not available.
> Can somebody point me what I have to do overcome this?
> Herewith I'll attach my program.
> Cheers,
> Kau
>
> int main(int argc , char **argv)
> {
>     FILE *fp;
>     char buff[1000];
>     char b64[2000];
>     int ilen = 0;
>     BIO *mem;
>     X509 *cert;
>     EVP_ENCODE_CTX ctx;
>     int len, ret;
>
>
>     if (!(fp = fopen("cert.pem", "rb")))
>     {
>         printf("Error opening file\n" );
>         exit(1);
>     }
>
>     ilen = fread(b64,1,2000,fp);
>     b64[ilen]=0;
>
>     EVP_DecodeInit(&ctx);
>     EVP_DecodeUpdate(&ctx, (unsigned char*)buff,&len,
>                    (unsigned char*)b64, ilen);
>     EVP_DecodeFinal(&ctx, (unsigned char*)buff, &ret);
>     ret += len;
>
>
>     if ((mem = BIO_new_mem_buf(buff, ilen)) == NULL)
>     {
>         printf("Error\n");
>         exit(1);
>     }
>     cert = d2i_X509_bio(mem, NULL);
>     BIO_free(mem);
>
>     if (cert == NULL)
>     {
>         printf("Error in certificate\n");
>         exit(1);
>     }
> }
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [email protected]
> Automated List Manager                           [EMAIL PROTECTED]

