Hi Erwin, thanks for your fast answer.

I dumped both the certificates in 2 PEM files, then I used the X509_print_fp() to obtain the readable version of both of them. The two resulting files are identical. Perhaps there is something wrong in the invocation of the i2d/d2i functions. I'm posting an extract of the code:

////////////////////////////////////////////////////////////////////////////////

struct T_G_4{
    unsigned char nonce[NONCE_SIZE];
    int cert_size;
    unsigned char certificate[MAX_MSG_SIZE-NONCE_SIZE-sizeof(int)];
};

/*...*/

T_G_4 * TG4=new T_G_4;

/*...*/

peer_certificate=/* initialization function */ //this is a private member of a class and the two functions are members of the same class
EVP_PKEY * pubkey=EVP_PKEY_new();
EVP_PKEY_set1_RSA(pubkey, rsa_ca_pub_key);
X509_verify(peer_certificate,pubkey); //this verification returns 1
unsigned char * serialized_certificate=NULL; //following the example of the openssl d2i_X509 page, NULL pointer avoids the management of the increasing pointer
TG4->cert_size=i2d(peer_certificate,&serialized_certificate); //serialization
memcpy(TG4->certificate,serialized_certificate,TG4->cert_size);
//initialize the remaining fields and return TG4
//passing the structure to another function

//other function:
/*...*/
unsigned char * serialized_certificate=new unsigned char [TG4->cert_size];
memcpy(serialized_certificate,TG4->certificate,TG4->cert_size);
peer_certificate = d2i_X509(NULL,(const unsigned char **)&serialized_certificate,TG4->cert_size); //deserialization
X509_verify(peer_certificate,pubkey); //now it returns 0... :(
/*...*/

Is there something wrong in this code?

Thanks in advance.

Best Regards

Andrea Saracino

2011/7/27 Erwin Himawan <ehima...@gmail.com>

> The way I would verify this is by writing the original X509 object into a
> PEM file and dumping the X509 object resulting from d2i_x509() into another
> PEM file and comparing both files using openssl, either using the asnparse
> or x509 command.
>
>
> On Wed, Jul 27, 2011 at 9:46 AM, Andrea Saracino <
> saracino.and...@gmail.com> wrote:
>
>> Hello everyone,
>> I've found some issues using the function X509_verify() on a simple X509
>> certificate. After the creation, if I call:
>>
>> X509_verify(certificate,ca_key);
>>
>> the function returns 1, but if I call the i2d_X509() function on the
>> certificate and then the d2i_X509() on the obtained byte string, the
>> X509_verify() on the resultant certificate returns 0.
>>
>> I printed the certificate, in a readable format, before and after the
>> i2d() and d2i() execution and the result is exactly the same. The various
>> fields (issuer, subject...) have the correct values. Any ideas?
>>
>> Best Regards
>>
>> Andrea Saracino