On Mon, Feb 20, 2012, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of praveenpvs > > Sent: Sunday, 19 February, 2012 23:15 > > > I am new to OPENSSL. I have a certificate, i need to extract > > public key and > > serial number from it. I know the command to do that, but i > > wanted to use > > api in my application. > <snip> > > Could you please help me with the corresponding apis for > > these two commands? > > > OpenSSL's X509_* module is mostly older code and does not > have a full opaque API as some more recent modules do. > > You first get the cert into a variable of type X509 > which is actually struct x509_st declared in x509.h. > Actually your code uses a pointer to such a struct > which is allocated and deallocated by OpenSSL calls. > For a cert in a PEM-format file, which is what your > commandlines used, PEM_read_X509 declared in pem.h > reads it in and creates the X509. For other input > formats there are other options. > > Then just use fields from the struct as needed. > myx509->cert_info->serialNumber is the serial and > myx509->cert_info->key is the subjectPublicKeyInfo. > Note these are in internal formats: serialNumber > is an ASN1_INTEGER which can be converted with ASN1_* > routines to (or from) other numeric or text forms; > key is another struct containing an AlgorithmIdentifier > (containing an OID and possibly but rarely parameters) > and a BIT STRING which in turn contains the encoding of > the actual key in a format dependent on the type of key. > What you do with these depends on what you want to do. > > When you're done, x509_free() the pointer. >
Although some modules don't have an opaque API direct structure access is inadvisable if functions exist which can be used instead. In ths OPs case they do and the functions X509_get_serialNumber and X509_get_pubkey should be used. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
