Ok. In the doc, I think i2d_X509() is adequate to encode X509 *cert. The doc says:

    int i2d_X509(X509 *x, unsigned char **out);

i2d_X509() encodes the structure pointed to by *x* into DER format. If *out* is not *NULL* it writes the DER encoded data to the buffer at **out*, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.

Now, the function which adds certificates into the shared map is like this:

    int addCertIntoMap(const char* uri, const char* certificate, unsigned int clen, time_t duration);

uri is the key, const char* certificate is the certificate to add into the map.

My question: the DER format will be stored in an unsigned char **out. In addCertIntoMap, we add a const char* certificate. I do not know how to write the code. I want to write something like this:

    X509* peerCert = SSL_get_peer_certificate(ssl);
    unsigned char **DERcert;
    i2d_X509(peerCert, DERcert);
    addCertIntoMap(uri, DERcert, len, time); // but here DERcert is char** and not char* ...

To summarize: my problem is how to write it now.

Thanks for your help.

2011/3/11 Dave Thompson <dthomp...@prinpay.com>

> (I avoid HTML on lists, but editing this back to plaintext was too hard,
> sorry)
>
> ------------------------------
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of* ikuzar
> *Sent:* Wednesday, 09 March, 2011 08:38
> *To:* openssl-users@openssl.org
> *Subject:* Re: convert x509 cert into string and store certs in cache
>
> add to previous post, I'd like to know what is the best format for
> storing item in map. Item is here a struct which encapsulated certificate
> object (as shown in previous message).
> I think about DER format ... is it a good idea?
>
> If you want sharing processes to use the cert, yes.
> (You need some serialized format for sharing;
> there are other serializations that could work in theory,
> but DER is by far the most convenient for openssl.)
>
> 2011/3/9 ikuzar <razuk...@gmail.com>
>
>> <snip>
>>
>> => I want to make something like:
>>
>> template<class StrType> struct certificate : shared {
>>     StrType uri;
>>     StrType sn;
>>     StrType data;
>>
>>     certificate(X509* cert) {
>>         char commonName[512];
>>         subject_name = X509_get_subject_name(cert);
>>         X509_NAME_get_text_by_NID(subject_name, NID_commonName, commonName, 512);
>>
>>         uri = commonName;
>>         sn = get_sn(cert); // I'll deal with it later
>>         data = get_data(cert); // I'll deal with it later
>>     }
>>
>> -- then, this certificate defined above is encapsulated in a cacheitem
>> structure.
>> -- In fact, map stores a range of cacheitem. Map will be read and written
>> from different 'forked' children:
>> -- there is a class certmanager which manages these cacheitems (add, get,
>> delete items from cache, ...etc). I use URI as key for map.
>> For example, I'll search item which URI = 213...@etu-univ.com
>>
> <snip>
>>> => I have to store in the certificate a URI which identifies a user.
>>> this URI is like this: phone_number@domain. example:
>>> 0123456...@etu-univ.com (this is a SIP uri). I thought I could store it
>>> in CN ... was I wrong? have any other suggestion?
>>>
>
> That could be the body of a subset of SIP URIs, but by itself is not a
> URI.
>
> If you are issuing the cert(s), you can put practically anything you want
> in CommonName.
> (Using control characters or escape sequences or suchlike would be a bad
> idea,
> but any normal data that identifies the subject is reasonable.)
>
> If you (or your users) are obtaining the cert(s) from a CA, it depends on
> the CA.
> You can request anything in the CSR, but it's up to the CA whether they
> approve it.
> Typically they demand you own or control the domain, address, or whatever.
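
Added example (not part of the thread, and not OpenSSL's or the poster's code): the calling pattern implied by the i2d_X509() documentation quoted in the message, shown with a hypothetical stand-in encoder `i2d_toy()` that follows the same contract so the block runs without OpenSSL. `struct toy`, `cache_encoded()`, the one-slot body of `addCertIntoMap()` and the sample URI are constructed for illustration; with the real library the same three steps apply to `i2d_X509(peerCert, ...)`.

```c
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical stand-in for X509: i2d_toy() mimics the i2d_X509() contract
 * quoted above (returns length; if out != NULL, writes at *out, advances it). */
struct toy { unsigned char serial; };

static int i2d_toy(const struct toy *x, unsigned char **out)
{
    /* Real DER: SEQUENCE { INTEGER 0, INTEGER serial }. Note the 0x00 byte. */
    const unsigned char der[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, x->serial };
    if (out != NULL) {
        memcpy(*out, der, sizeof der);
        *out += sizeof der;                    /* caller's pointer now points past the data */
    }
    return (int)sizeof der;
}

/* Constructed one-slot body for the map function whose signature is in the post. */
static struct { unsigned char data[64]; unsigned int len; } slot;

int addCertIntoMap(const char *uri, const char *certificate, unsigned int clen, time_t duration)
{
    (void)uri; (void)duration;
    if (clen > sizeof slot.data) return -1;
    memcpy(slot.data, certificate, clen);      /* copy by length, never strcpy: DER is binary */
    slot.len = clen;
    return 0;
}

/* Encode x and store it under uri. Returns the stored length, or -1 on error. */
int cache_encoded(const struct toy *x, const char *uri, time_t duration)
{
    int len = i2d_toy(x, NULL);                /* 1. NULL out: ask only for the size */
    if (len <= 0) return -1;
    unsigned char *buf = malloc((size_t)len);  /* 2. one flat buffer (unsigned char *) */
    if (buf == NULL) return -1;
    unsigned char *p = buf;                    /* 3. pass &p, a copy, so buf keeps the start */
    int rc = -1;
    if (i2d_toy(x, &p) == len && p == buf + len)
        rc = addCertIntoMap(uri, (const char *)buf, (unsigned int)len, duration);
    free(buf);
    return rc == 0 ? len : -1;
}

int main(void)
{
    struct toy t = { 0x2a };                   /* constructed sample value */
    return cache_encoded(&t, "user@example.test", 60) == 8 ? 0 : 1;
}
```

A reader of the map has to carry the length as well: `strlen()` on the stored value stops at the embedded zero byte, after 4 of the 8 bytes.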