I'm writing a rather specialized application doing weird things with certificates. I'm able to retrieve certificates from an X509_LOOKUP object, verify them, sign other certificates with them, etc. But I can't write them to a PEM file. No error occurs if I try, but the result is a small amount of base64 which can't possibly be the certificate data. Indeed, if I try to read it back with PEM_read_X509, openssl sees it as corrupt data.

Looking at the X509 structure in the debugger, it appears to be complete, but I'm not a master of OpenSSL's insides. It seems to have all its info and signature and stuff.

Other certificates I create, not retrieving from the store, I can write and read to PEM files without problem.

Is there anything I should know about X509 objects which come back from a store?

Here's an oversimplified bit of my code:

X509 *Store::findBySubject (X509_NAME *name) const
{
  ...
  X509_OBJECT obj;
  if (X509_LOOKUP_by_subject (m_lookup, X509_LU_X509, name, &obj) == X509_LU_X509)
  {
    /* take a reference so the caller owns the returned X509 */
    X509_OBJECT_up_ref_count (&obj);
    return obj.data.x509;
  }
  ..
  return NULL;
}


..

X509 *x509 = findBySubject (name);
if (x509)
{
  PEM_write_X509 (fp, x509);
  X509_free (x509);
}



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
