Re: Decoding ASN.1 certificate content
Hi,

Thank you all for the replies. I've found out what the problem was. The buffer that I sent to d2i_X509 function was bad ASN.1 buffer. After solving the certificate buffer retrieval everything worked great!

Thanks Again,
Lior

2009/5/21 Peter Sylvester

> Victor B. Wagner wrote:
>
>> On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote:
>>
>>> IMO a good approach is also to simply read and understand apps/x509.c
>>
>> Unfortunately, it wouldn't help much. x509 utility does work only with
>> certificates in files (or stdin), so it uses d2i_X509_bio.
>>
>> In this case certificate is stored in the memory buffer, so it seems to
>> be an extra overhead first to create BIO_mem from this buffer and then
>> decode it using d2i_X509_bio.
>
> Right, but I was imprecise, one needs
>
> 1 : how to initialise the openssl library, load error strings, etc.
> 2 : decoding, yes not using d2i_X509_bio but d2i_X509
> 3 : extract, and print the content
>
> /P
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org

--
Lior Aharoni
Re: Decoding ASN.1 certificate content
Victor B. Wagner wrote:

> On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote:
>
>> IMO a good approach is also to simply read and understand apps/x509.c
>
> Unfortunately, it wouldn't help much. x509 utility does work only with
> certificates in files (or stdin), so it uses d2i_X509_bio.
>
> In this case certificate is stored in the memory buffer, so it seems to
> be an extra overhead first to create BIO_mem from this buffer and then
> decode it using d2i_X509_bio.

Right, but I was imprecise, one needs

1 : how to initialise the openssl library, load error strings, etc.
2 : decoding, yes not using d2i_X509_bio but d2i_X509
3 : extract, and print the content

/P
Re: Decoding ASN.1 certificate content
On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote:

> IMO a good approach is also to simply read and understand apps/x509.c

Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio.

In this case certificate is stored in the memory buffer, so it seems to be an extra overhead first to create BIO_mem from this buffer and then decode it using d2i_X509_bio.
Re: Decoding ASN.1 certificate content
IMO a good approach is also to simply read and understand apps/x509.c
Decoding ASN.1 certificate content
Hi All,

Can someone please direct me to the relevant OpenSSL API for decoding binary stream of the entire certificate content in ASN.1 format?

The reason that I need it is for extracting extra details from certificate that I'm getting from IIS web server using Request.ClientCertificate["Certificate"] call. I don't want to use Microsoft's API for extracting the details because of compatibility issues between MS & OpenSSL in fields representation.

As stated in Microsoft documentation, the Request.ClientCertificate["Certificate"] value is:

A string containing the binary stream of the entire certificate content in ASN.1 format. This is useful to discover if special *SubFields* are present.

http://msdn.microsoft.com/en-us/library/ms524668.aspx

Thanks,

--
Lior Aharoni
Re: Decoding ASN.1 certificate content
On 2009.05.20 at 15:03:09 +0300, Lior Aharoni wrote:

> Hi Victor,
>
> Thank you for the quick reply.
> I did try to use d2i_X509 function but I get the following error:
>
> 2520:error:0D07207B:lib(13):func(114):reason(123):.\crypto\asn1\asn1_lib.c:150:

First of all, you should call ERR_load_crypto_strings() in your program before doing anything else with OpenSSL functions. Thus you'll receive much more readable error messages.

It seems that you are passing wrong buffer to d2i_X509 function or incorrectly pass buffer length.

d2i_X509 expects following arguments:

1. Pointer to pointer to pointer to X509 structure to fill. If it is NULL, fresh one would be allocated
2. Pointer to pointer to input buffer. Pointer to buffer, pointed by this argument, would be incremented to point to first unparsed byte in the buffer
3. Length of buffer.

Your error means that length of ASN1 structure as determined by parsing is bigger than specified length. If you pass data correctly, it means that there is something else in the beginning of the buffer, than binary DER representation of certificate.

> > It is d2i_X509 function. It has same API as all other d2i functions and
> > return X509 structure which can be passed to various OpenSSL information
> > functions. Unfortunately, this part of OpenSSL is quite poorly
> > documented.
>
> --
> Lior Aharoni
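An added example, not part of the thread and not OpenSSL's own code: a pre-flight check in C for the two causes named in the reply above, a length that is smaller than the structure declares or something other than DER at the start of the buffer. The names `der_check_outer` and `enum der_check` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum der_check { DER_OK, DER_NOT_SEQUENCE, DER_BAD_LENGTH, DER_TOO_SHORT, DER_TRAILING_DATA };

/* Inspect the outer TLV of a buffer that should hold one DER certificate.
 * On DER_OK or DER_TRAILING_DATA, *total is the header plus content size. */
enum der_check der_check_outer(const unsigned char *buf, size_t len, size_t *total)
{
    size_t hdr = 2, content = 0, n, i;

    if (buf == NULL || len < 2)
        return DER_TOO_SHORT;
    if (buf[0] != 0x30)                 /* a certificate is a SEQUENCE: tag 0x30 */
        return DER_NOT_SEQUENCE;        /* PEM/base64 text, or a prefix in front */
    if (buf[1] < 0x80) {
        content = buf[1];               /* short form: length in one octet */
    } else {
        n = buf[1] & 0x7f;              /* long form: n length octets follow */
        if (n == 0 || n > 4)
            return DER_BAD_LENGTH;      /* indefinite form is not DER; >4 is implausible */
        if (len < 2 + n)
            return DER_TOO_SHORT;       /* header itself is cut off */
        if (buf[2] == 0 || (n == 1 && buf[2] < 0x80))
            return DER_BAD_LENGTH;      /* DER requires the minimal length encoding */
        for (i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        hdr += n;
    }
    if (content > len - hdr)            /* parsed length bigger than supplied length */
        return DER_TOO_SHORT;
    if (total != NULL)
        *total = hdr + content;
    return (hdr + content == len) ? DER_OK : DER_TRAILING_DATA;
}

/* Constructed samples, not real certificates. */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char sample_long[260] = { 0x30, 0x82, 0x01, 0x00 };
static const unsigned char sample_b64[] = "MIIDdummy";   /* base64 text, not DER */

int main(void)
{
    size_t total = 0;
    printf("der=%d\n", der_check_outer(sample_der, sizeof sample_der, &total));
    printf("cut=%d\n", der_check_outer(sample_long, 100, &total));
    printf("b64=%d\n", der_check_outer(sample_b64, sizeof sample_b64 - 1, &total));
    return 0;
}
```

Run on the buffer before d2i_X509, the result separates a truncated or mis-sized buffer from text (PEM or base64) handed over as if it were binary DER.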
Re: Decoding ASN.1 certificate content
Hi Victor,

Thank you for the quick reply.
I did try to use d2i_X509 function but I get the following error:

2520:error:0D07207B:lib(13):func(114):reason(123):.\crypto\asn1\asn1_lib.c:150:
2520:error:0D068066:lib(13):func(104):reason(102):.\crypto\asn1\tasn_dec.c:1281:
2520:error:0D07803A:lib(13):func(120):reason(58):.\crypto\asn1\tasn_dec.c:380:Type=X509

Do you know what might be the problem?

Thanks,
Lior

2009/5/20 Victor B. Wagner

> On 2009.05.20 at 14:05:05 +0300, Lior Aharoni wrote:
>
> > Hi All,
> >
> > Can someone please direct me to the relevant OpenSSL API for decoding
> > binary stream of the entire certificate content in ASN.1 format?
>
> It is d2i_X509 function. It has same API as all other d2i functions and
> return X509 structure which can be passed to various OpenSSL information
> functions. Unfortunately, this part of OpenSSL is quite poorly
> documented.

--
Lior Aharoni
Re: Decoding ASN.1 certificate content
On 2009.05.20 at 14:05:05 +0300, Lior Aharoni wrote:

> Hi All,
>
> Can someone please direct me to the relevant OpenSSL API for decoding
> binary stream of the entire certificate content in ASN.1 format?

It is d2i_X509 function. It has same API as all other d2i functions and return X509 structure which can be passed to various OpenSSL information functions. Unfortunately, this part of OpenSSL is quite poorly documented.