Hi,
I have a small program (shown below) that reads a self-signed, DER-encoded certificate from
the Linux filesystem and keeps it in DER format in "buf". To do this, I use both
"d2i_X509_bio" and "i2d_X509". Unfortunately, I ran into some problems
when I printed the contents of "buf":
1. The data in "buf" is 2 bytes shorter than the original certificate.
2. It looks like both the "version" and the "serial number" contain 3 bytes of data instead of 4 (the
following 9-byte algorithm identifier, MD5withRSA, looks OK though). Also, what are the
first 10 bytes of data?
3. Besides being 2 bytes shorter, several bytes changed their values for an unknown reason.
4. I used "openssl" with the -C option to read this certificate and saw the same problem - 2 bytes
short and some values changed (i.e., my test program should be OK :-)
Does anyone know the cause of this strange behaviour, or have any suggestions? Thank you very much.
This is the first 32-bytes of data from both original file & "buf"
---- original -----
30 82 02 a6 30 82 02 0f a0 06 02 04 00 00 00 02 02 04 00 00 00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04
---- in buf after d2i_X509_bio & i2d_X509 ----
30 82 02 a4 30 82 02 0d a0 05 02 03 00 00 02 02 03 00 00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04
---- Part of my test program ----
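/*
 * Load one certificate from `file` (stdin when `file` is NULL), re-encode it
 * to DER with i2d_X509() into a temporary buffer, and print it with
 * X509_print().
 *
 * err     BIO that receives diagnostics.
 * file    path of the certificate, or NULL to read from stdin.
 * format  one of OPENSSL_FORMAT_ASN1, OPENSSL_FORMAT_PEM, OPENSSL_FORMAT_PKCS12.
 *
 * Returns the length in bytes of the re-encoded certificate, or -1 on any
 * failure (including a failed allocation, which previously returned the
 * positive length as if the encoding had succeeded).
 *
 * NOTE(review): the bytes written by i2d_X509() are a re-encoding of the
 * parsed structure, not a copy of the input. If the input is not canonical
 * DER (for example INTEGER values padded with leading zero bytes), the output
 * can be shorter than the file and differ from it byte for byte. The
 * certificate signature was computed over the issuer's original bytes, so a
 * signature check over re-encoded bytes may fail. When an exact copy is
 * needed, keep the bytes read from the file instead of round-tripping them.
 */
static int load_cert(BIO *err, char *file, int format)
{
    X509 *x = NULL;
    BIO *cert = NULL;   /* must start NULL: cleanup tests it after early failures */
    BIO *STDout = NULL;
    unsigned char *buf = NULL;
    unsigned char *p;
    int len;
    int ret = -1;

    if ((STDout = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) {
        ERR_print_errors(err);
        goto end;
    }

    if ((cert = BIO_new(BIO_s_file())) == NULL) {
        ERR_print_errors(err);
        goto end;
    }

    if (file == NULL) {
        BIO_set_fp(cert, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(cert, file) <= 0) {
        BIO_printf(err, "Unable to read %s\n", file);
        goto end;
    }

    if (format == OPENSSL_FORMAT_ASN1) {
        x = d2i_X509_bio(cert, NULL);
    } else if (format == OPENSSL_FORMAT_PEM) {
        x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
    } else if (format == OPENSSL_FORMAT_PKCS12) {
        PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);

        /* Only parse a container that actually decoded; x stays NULL otherwise. */
        if (p12 != NULL) {
            PKCS12_parse(p12, NULL, NULL, &x, NULL);
            PKCS12_free(p12);
        }
    } else {
        BIO_printf(err, "bad input format specified for input cert\n");
        goto end;
    }

end:
    if (x == NULL) {
        BIO_printf(err, "unable to load certificate\n");
        goto cleanup;
    }

    /* First call with a NULL output pointer only reports the encoded size. */
    len = i2d_X509(x, NULL);
    if (len <= 0) {
        ERR_print_errors(err);
        BIO_printf(err, "unable to do i2d_X509\n");
        goto cleanup;
    }

    buf = malloc((size_t)len);
    if (buf == NULL) {
        BIO_printf(err, "unable to allocate memory\n");
        goto cleanup;
    }

    /* i2d_X509 advances the pointer it is given, so encode through a copy. */
    p = buf;
    len = i2d_X509(x, &p);
    if (len <= 0) {
        ERR_print_errors(err);
        BIO_printf(err, "i2d_X509 failed\n");
        goto cleanup;
    }

    printf("This is X509_print output: \n");
    X509_print(STDout, x);
    ret = len;

cleanup:
    /*
     * buf never leaves this function, so release it here on every path;
     * a caller that needs the encoding must be handed the buffer instead.
     */
    free(buf);
    if (STDout != NULL)
        BIO_free(STDout);   /* BIO_NOCLOSE: stdout itself stays open */
    if (cert != NULL)
        BIO_free(cert);
    if (x != NULL)
        X509_free(x);
    return ret;
}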