Re: read X509 certificate from DER format file using d2i_X509
dirk laurijssen wrote:
>
> Ok,
>
> I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
> Any other hints ?
>
> Thanks & kind regards,
> dirk L.
>

What value do you get from X509_get_version? It returns the value of the
version field which is one less than the certificate version.

BTW OpenSSL_add_all_algorithms() isn't needed to check the version field
and it certainly shouldn't be called repeatedly in a function: just once
at startup.

However I notice:

> pem_cert = d2i_X509(NULL, &p, length);

Is the data in PEM format (text with BEGIN and END lines?) if so you
can't use d2i_X509, you need a memory BIO instead.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: read X509 certificate from DER format file using d2i_X509
Ok,

I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail.
Any other hints ?

Thanks & kind regards,
dirk L.

int validate_ssl (int ok, char *ip, char *protocol, char *subject, char *issuer,
                  unsigned char *cert, int length, int depth, char **message)
{
    char *cp;
    char *Fname = "validate_ssl";
    int i;
    int len;
    char *mp;
    int rc;
    char *status;
    X509 *pem_cert;
    char* name;
    char* errmsg = NULL;
    int ldap_err;
    int version;
    char* dirname;
    unsigned char *p;

    OpenSSL_add_all_algorithms();
    rc = ok && SSLok;

    /*pem_cert = X509_new();*/
    if (!cert)
        fprintf(stderr, "validate_ssl: DER certificate not available\n");

    /*the ASN1-parsing functions increment the pointer, so to avoid problems use a temporary pointer */
    /*http://www.openssl.org/support/faq.html#PROG3 */
    p = cert;
    pem_cert = d2i_X509(NULL, &p, length);
    version = X509_get_version(pem_cert);
    fprintf(stderr, "version %d\n",version);

22/08/2001 1:36:15, Dr S N Henson <[EMAIL PROTECTED]> wrote:

>dirk laurijssen wrote:
>>
>> Hi,
>> Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I can't seem to get the DER-certificate loaded appropriately into the X509-struct.
>>
>[stuff deleted]
>>
>> int
>> validate_ssl (int ok, char *ip, char *protocol, char *subject,
>>               char *issuer, unsigned char *cert, int length, int depth,
>>               char **message)
>> {
>>
>>
>>X509 *new_cert = d2i_X509(NULL, &cert, sizeof(cert));
>>version = X509_get_version(new_cert);
>>
>> }
>
>sizeof(cert) since "cert" is of type (char *) will just give you the
>size of a pointer (typically 4) what you want is the size of the buffer
>pointed to by "cert" which might be 'length' from the prototype...
>
>Steve.

*
Dirk Laurijssen
Syntegra, creating winners in the digital economy.
+32 2 247 92 20 - Check us out at www.syntegra.be
*
Re: read X509 certificate from DER format file using d2i_X509
dirk laurijssen wrote:
>
> Hi,
> Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I can't seem to get the DER-certificate loaded appropriately into the X509-struct.
>
[stuff deleted]
>
> int
> validate_ssl (int ok, char *ip, char *protocol, char *subject,
>               char *issuer, unsigned char *cert, int length, int depth,
>               char **message)
> {
>
>
>X509 *new_cert = d2i_X509(NULL, &cert, sizeof(cert));
>version = X509_get_version(new_cert);
>
> }

sizeof(cert) since "cert" is of type (char *) will just give you the
size of a pointer (typically 4) what you want is the size of the buffer
pointed to by "cert" which might be 'length' from the prototype...

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
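
A pre-flight check for the two failures discussed in this thread (a length that does not cover the buffer, and PEM text handed to d2i_X509), given as an added example that is not code from the thread or from OpenSSL. The helper `classify_cert_buffer`, the enum names and the sample bytes are hypothetical and constructed for illustration; it only inspects the outer DER header and does not replace checking the return value of d2i_X509 for NULL.

```c
#include <stdio.h>
#include <string.h>

/* What a buffer looks like before it is handed to d2i_X509(). */
enum cert_buf_kind { BUF_DER_OK, BUF_PEM, BUF_DER_TRUNCATED,
                     BUF_DER_TRAILING, BUF_NOT_CERT };

/* Hypothetical helper (not an OpenSSL API): classify buf[0..len). */
enum cert_buf_kind classify_cert_buffer(const unsigned char *buf, size_t len)
{
    static const char pem_tag[] = "-----BEGIN";
    const size_t tag_len = sizeof(pem_tag) - 1;
    size_t hdr = 2, body = 0, nlen, i;

    if (buf == NULL || len < 2)
        return BUF_NOT_CERT;
    /* Assumption: PEM armor starts at byte 0 (no leading text). */
    if (len >= tag_len && memcmp(buf, pem_tag, tag_len) == 0)
        return BUF_PEM;              /* needs a memory BIO, not d2i_X509 */
    if (buf[0] != 0x30)              /* a certificate is a DER SEQUENCE */
        return BUF_NOT_CERT;

    if (buf[1] < 0x80) {             /* short form: one length byte */
        body = buf[1];
    } else {                         /* long form: 0x80|n, then n bytes */
        nlen = buf[1] & 0x7f;
        if (nlen == 0 || nlen > sizeof(size_t))
            return BUF_NOT_CERT;     /* indefinite or oversized length */
        if (len < 2 + nlen)
            return BUF_DER_TRUNCATED;
        for (i = 0; i < nlen; i++)
            body = (body << 8) | buf[2 + i];
        hdr = 2 + nlen;
    }
    if (body > len - hdr)            /* header claims more than len gives */
        return BUF_DER_TRUNCATED;
    return body == len - hdr ? BUF_DER_OK : BUF_DER_TRAILING;
}

/* Constructed sample: the 4-byte header of a certificate with a 933-byte body. */
static const unsigned char sample_hdr[] = { 0x30, 0x82, 0x03, 0xa5 };

int main(void)
{
    /* Passing a pointer-sized length (4 here) instead of the real length. */
    printf("kind = %d (BUF_DER_TRUNCATED = %d)\n",
           classify_cert_buffer(sample_hdr, sizeof(sample_hdr)), BUF_DER_TRUNCATED);
    return 0;
}
```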