On Thu, Jul 02, 2009, rajeshk_pec99-open...@yahoo.com wrote:

> I am trying to use d2i_X509_bio to read a DER encoded certificate from memory
> BIO, but I can't get it to work. It works fine if I construct a file BIO to
> read from a file. Am I doing something wrong, or is this a bug?
>
> See the test application below that shows the problem. "der.cer" is DER
> encoded certificate.
>
> >>>>>>>>>>>>>>>>>>>>>>>>>>>
> #include <stdio.h>
> #include <stdlib.h>
> #include <stdarg.h>
> #include <string.h>
> #include <openssl/crypto.h>
> #include <openssl/err.h>
> #include <openssl/bio.h>
> #include <openssl/evp.h>
> #include <openssl/objects.h>
> #include <openssl/x509.h>   /* declares X509 and d2i_X509_bio() */
>
> #define MAX_CERT_LEN 20000 /* arbitrary size limit */
>
> int main(int argc, char *argv[]) {
>
>     FILE *fp = 0;
>     char derCert[MAX_CERT_LEN];
>     long len;
>
>     if (fp = fopen("../der.cer", "rb")) {
>         len=fread(derCert, 1, MAX_CERT_LEN - 1, fp);
>         derCert[len] = '\0';
>     }
>     //This is working
>     do
>     {
>         X509 *x509Cert=NULL;
>         BIO *cert;
>         if ((cert=BIO_new(BIO_s_file())) == NULL)
>         {
>             printf("Error Initializing BIO pointer");
>             break;
>         }
>
>         if (BIO_read_filename(cert,"../der.cer") <= 0)
>         {
>             printf("Error opening file\n");
>             break;
>         }
>
>         if (d2i_X509_bio(cert,&x509Cert)!=NULL)
>         {
>             printf("\nReading from file success!\n");
>         }
>
>     }while(0);
>
>     //This is not working
>     do
>     {
>         X509 *x509Cert=NULL;
>         BIO *cert;
>         BIO *bioCert;
>         if(( bioCert = BIO_new_mem_buf(derCert, -1)) == NULL)
>         {
>             printf("Error init BIO pointer");
>             break;
>
>         }
>         if (d2i_X509_bio(bioCert,&x509Cert)!=NULL)
>         {
>             printf("\nReading success!\n");
>         }
>         else
>         {
>             printf("\nError Reading Certificate:%ld\n",ERR_get_error());
>         }
>
>
>     }while(0);
> }
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> Reading from file success!
>
> Error Reading Certificate:218542222
>
> After reading the problem at
> http://marc.info/?l=openssl-users&m=115689073330824&w=2
>
> I also tried to put
> BIO_set_mem_eof_return(bioCert, 0);
> after "BIO_set_mem_eof_return" but it is still giving the same error.
>
> I am new to openssl. Please see where I am making a mistake.

DER format is binary data; it is not null terminated. Your call to
BIO_new_mem_buf() with -1 length will end up with a bogus length on the first
null in the certificate encoding.

You already worked out the length of the certificate, "len". Pass that as the
length instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
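
An added illustration, not part of the thread or of OpenSSL: a length of -1 makes BIO_new_mem_buf() measure the buffer with strlen(), which stops at the first zero byte, while the DER header itself states how many bytes the object occupies. The helper der_total_len() is hypothetical and the sample bytes are constructed, not a real certificate.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a real certificate): a DER SEQUENCE holding
 * INTEGER 2, INTEGER 0 and a 4-byte OCTET STRING. The final 0x00 mimics
 * the '\0' that the posted program appends after fread(). */
static const unsigned char sample_der[] = {
    0x30, 0x0c,                         /* SEQUENCE, 12 content bytes */
    0x02, 0x01, 0x02,                   /* INTEGER 2 */
    0x02, 0x01, 0x00,                   /* INTEGER 0 <- first zero byte */
    0x04, 0x04, 0xde, 0xad, 0xbe, 0xef, /* OCTET STRING */
    0x00                                /* terminator added by the caller */
};

/* Hypothetical helper: size (header + content) of the outermost DER element
 * in buf, or 0 if the header is malformed or the element does not fit in
 * avail bytes. Assumes a single-byte tag, as for an X.509 outer SEQUENCE. */
size_t der_total_len(const unsigned char *buf, size_t avail)
{
    size_t hdr = 2, content = 0, i, n;

    if (avail < 2)
        return 0;
    if (buf[1] < 0x80) {                /* short form: one length byte */
        content = buf[1];
    } else {                            /* long form: n big-endian bytes */
        n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n)
            return 0;
        for (i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        hdr += n;
    }
    return content > avail - hdr ? 0 : hdr + content;
}

int main(void)
{
    size_t n_read = sizeof(sample_der) - 1;          /* what fread() returned */
    size_t n_str = strlen((const char *)sample_der); /* what -1 selects */

    printf("read %zu bytes, DER header declares %zu, strlen() sees %zu\n",
           n_read, der_total_len(sample_der, n_read), n_str);
    printf("element fits in strlen() length: %s\n",
           der_total_len(sample_der, n_str) ? "yes" : "no");
    return 0;
}
```

Comparing the declared DER length with the byte count actually read is a cheap sanity check before handing a buffer and its length to the parser.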