Re: Decoding ASN.1 certificate content
On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simple read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in the memory buffer, so it seems to be an extra overhead first to create BIO_mem from this buffer and then decode it using d2i_X509_bio. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Decoding ASN.1 certificate content
Victor B. Wagner wrote: On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simple read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in the memory buffer, so it seems to be an extra overhead first to create BIO_mem from this buffer and then decode it using d2i_X509_bio. Right, but I was unprecise, on needs 1 : how to initialise the openssl library, load error strings, etv 2 : decoding, yes not using d2i_X509_bio but d2i_X509 3 : extract, and print the content /P __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Decoding ASN.1 certificate content
Hi, Thank you all for the replys. I've found out what the problem was. The buffer that I sent to d2i_X509 function was bad ASN.1 buffer. After solving the cetrificate buffer retrieval everything worked great! Thanks Again, Lior 2009/5/21 Peter Sylvester peter.sylves...@edelweb.fr Victor B. Wagner wrote: On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simple read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in the memory buffer, so it seems to be an extra overhead first to create BIO_mem from this buffer and then decode it using d2i_X509_bio. Right, but I was unprecise, on needs 1 : how to initialise the openssl library, load error strings, etv 2 : decoding, yes not using d2i_X509_bio but d2i_X509 3 : extract, and print the content /P __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Lior Aharoni
Re: Decoding ASN.1 certificate content
On 2009.05.20 at 14:05:05 +0300, Lior Aharoni wrote: Hi All, ═ Can someone please direct me to the relevant OpenSSL API for decoding binary stream of the entire certificate content in ASN.1 format? It is d2i_X509 function. It has same API as all other d2i functions and return X509 structure which can be passed to various OpenSSL information functions. Unfortunately, this part of OpenSSL is quite poorly documented. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Decoding ASN.1 certificate content
Hi Victor, Thank you for the quick reply. I did try to use d2i_X509 function but I get the following error: 2520:error:0D07207B:lib(13):func(114):reason(123):.\crypto\asn1\asn1_lib.c:150: 2520:error:0D068066:lib(13):func(104):reason(102):.\crypto\asn1\tasn_dec.c:1281: 2520:error:0D07803A:lib(13):func(120):reason(58):.\crypto\asn1\tasn_dec.c:380:Ty pe=X509 Do you know what might be the problem? Thanks, Lior 2009/5/20 Victor B. Wagner vi...@cryptocom.ru On 2009.05.20 at 14:05:05 +0300, Lior Aharoni wrote: Hi All, ═ Can someone please direct me to the relevant OpenSSL API for decoding binary stream of the entire certificate content in ASN.1 format? It is d2i_X509 function. It has same API as all other d2i functions and return X509 structure which can be passed to various OpenSSL information functions. Unfortunately, this part of OpenSSL is quite poorly documented. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Lior Aharoni
Re: Decoding ASN.1 certificate content
On 2009.05.20 at 15:03:09 +0300, Lior Aharoni wrote: Hi Victor, Thank you for the quick reply. I did try to use d2i_X509 function but I get the following error: 2520:error:0D07207B:lib(13):func(114):reason(123):.\crypto\asn1\asn1_lib.c:150: First of all, you should call ERR_load_crypto_strings() in your program before doing anything else with OpenSSL functions. Thus you'll receive much more readable error messages. It seems that you are passing wrong buffer to d2i_X509 function or incorrectly pass buffer length. d2i_X509 expects following arguments: 1. Pointer to pointer to pointer to X509 structure to fill. If is NULL, fresh one would be allocated 2. Pointer to pointer to input buffer. pointer to buffer, pointed by this argument, would be incremented to point to first unparsed byte in the buffer 2. Length of buffer. Your error means that length of ASN1 structure as determined by parsing is bigger than specified length. If you pass data correctly, it means that there is something else in the beginning of the buffer, than binary DER representation of certificate. It is d2i_X509 function. It has same API as all other d2i functions and return X509 structure which can be passed to various OpenSSL information functions. Unfortunately, this part of OpenSSL is quite poorly documented. __ OpenSSL Project [2]http://www.openssl.org User Support Mailing List [3]openssl-us...@openssl.org Automated List Manager [4]majord...@openssl.org -- Lior Aharoni References Visible links 1. mailto:vi...@cryptocom.ru 2. http://www.openssl.org/ 3. mailto:openssl-users@openssl.org 4. mailto:majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Decoding ASN.1 certificate content
IMO a good approach is also to simple read and understand apps/x509.c __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org