Re: convert certifikate to opensll

Mon, 07 Mar 2005 04:20:01 -0800 

On Mon, Mar 07, 2005, T. Quirin wrote:

> Hi,
> I have the following problem. I get my certificate form my Netkey 
> smartcard with opensc. Now, I want to use it with openssl. But my 
> program exit with error code  -3:
> 
>    #include <string>
>    #include <openssl/bio.h>
>    #include <openssl/pem.h>
>    #include <openssl/bn.h>
>    #include <openssl/sha.h>
>    #include <openssl/rsa.h>
>    #include <openssl/objects.h>
>    #include <iostream>
> 
>    #include "verify.h"
> 
> 
>    using namespace std;
> 
> 
>    int verify::verifyHash(const string & hash, const string & sign,
>                            string & cert ){
>    cert="-----BEGIN
>    
> CERTIFICATE-----\nMIICDjCCAXqgAwIBAgIEANLehDAKBgYrJAMDAQIFADBQMQswCQYDVQQGEwJERTEc\nMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEjMAwGBwKCBgEKBxQTATEwEwYD\nVQQDFAxOS1MgQ0EgMTY6UE4wIhgPMjAwNDA5MjcxMDUyMDdaGA8yMDA3MDkyNzEw\nNTIwN1owNDELMAkGA1UEBhMCREUxJTAMBgcCggYBCgcUEwExMBUGA1UEAxQOTktT\nIDA0IEEgOTAxNjAwgaAwDQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBAImVDgcZSW6W\nu6c19kBPVON6/dpnUdWFiKCW346+KoRNWZzeqwoGF6ikF1Ws6YntVHFtx/486aYh\n5s9jYRHqjlYqtY8wO9Raw4JMb0BeuonqLufwe5HU4BWV+Y1irCDnz8FEceOKFGrZ\ndQzxaDW52wpCsjMaWOcdSZD9O4vUSXABAgRAAACBoxIwEDAOBgNVHQ8BAf8EBAMC\nBsAwCgYGKyQDAwECBQADgYEAWVSghI9COFd97KTyq1pDn3JsJCXBoMMratVMG2vJ\nJbokEQJeVbwdaEHVKi3LYUFMoWfkxi1e9LwQaVWzppDhpg4lmkThxCYX2TLTmTtZ\nqxB4EXyKd1WXcJyLLKDzJJHyIQYQi/tc9vNcptEvGQwd38Yei7PmN7OZ49SrDK+w\nLcs=\n-----END
>    CERTIFICATE-----\n\n";
>    if(hash.length() != 20) return -1;
>    if(sign.length() != 128) return -2;
>    char sha1[21];
>    char signature[129];
>    RSA *r;
>    X509 *x509Cert;
>    hash.copy(sha1, 20);
>    sign.copy(signature, 20);
>    char buffer[999999];
>    cert.copy(buffer,cert.length()); //! I kown it is not secure (only
>    for testing)
>    unsigned char *cp = (unsigned char *) buffer;
>    cerr << cp;
>    x509Cert = d2i_X509(0, &cp , cert.length());
>    if (x509Cert == NULL) return -3;
> 
> 

You are using d2i_X509() which is for DER format on a PEM format certificate.

You should either convert the certificate to DER or use a memory BIO and call
PEM_read_bio_X509() on it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to