By the way, sorry for the font size, it does not mean anything, it just got mixed up during cut and paste.

The function to dump an X509 into a certificate is PEM_write_bio_X509() and the function to dump an X509 DER file is BIO_write(). Here is the doc on BIO_write: http://www.manpagez.com/man/3/BIO_write/osx-10.3.php

erwin

On Wed, Jul 27, 2011 at 8:20 PM, Erwin Himawan <ehima...@gmail.com> wrote:
> I would not use the X509_print_fp(), since it does not give you the PEM or DER file.
> Use instead PEM_write_bio or write_bio() for PEM and DER respectively.
> Also check the error status of these two BIO write functions.
>
> hopefully it helps
>
> From: Andrea Saracino <saracino.and...@gmail.com>
> Sent: Wednesday, July 27, 2011 6:05 PM
> To: openssl-users@openssl.org
> Subject: Re: X509 verify
>
> Hi Erwin, thanks for your fast answer.
> I dumped both the certificates in 2 PEM files, then I used X509_print_fp() to obtain the readable version of both of them. The two resulting files are identical. Perhaps there is something wrong in the invocation of the i2d/d2i functions.
> I'm posting an extract of the code:
>
> //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
> #include <cstring>
> #include <openssl/evp.h>
> #include <openssl/x509.h>
>
> struct T_G_4 {
>     unsigned char nonce[NONCE_SIZE];
>     int cert_size;
>     unsigned char certificate[MAX_MSG_SIZE - NONCE_SIZE - sizeof(int)];
> };  // the extract was missing this semicolon
>
> /*...*/
> T_G_4 *TG4 = new T_G_4;
> /*...*/
> peer_certificate = /* initialization function */;  // this is a private member of a class and the two functions are members of the same class
> EVP_PKEY *pubkey = EVP_PKEY_new();
> EVP_PKEY_set1_RSA(pubkey, rsa_ca_pub_key);
>
> X509_verify(peer_certificate, pubkey);  // this verification returns 1
>
> unsigned char *serialized_certificate = NULL;  // following the example of the openssl d2i_X509 page, a NULL pointer avoids managing the increasing pointer: i2d_X509 allocates the buffer itself
> TG4->cert_size = i2d_X509(peer_certificate, &serialized_certificate);  // serialization
> // the DER must fit in the fixed-size field; the extract copied unconditionally
> if (TG4->cert_size > 0 && (size_t)TG4->cert_size <= sizeof(TG4->certificate))
>     memcpy(TG4->certificate, serialized_certificate, TG4->cert_size);
> OPENSSL_free(serialized_certificate);  // buffer was allocated by i2d_X509
> // initialize the remaining fields and return TG4
> // passing the structure to another function
>
> // other function:
> /*...*/
> unsigned char *serialized_certificate = new unsigned char[TG4->cert_size];
> memcpy(serialized_certificate, TG4->certificate, TG4->cert_size);
> const unsigned char *p = serialized_certificate;  // d2i_X509 advances the pointer it is given, so keep the original for delete[]
> peer_certificate = d2i_X509(NULL, &p, TG4->cert_size);  // deserialization
> delete[] serialized_certificate;
> X509_verify(peer_certificate, pubkey);  // now it returns 0... :(
> /*...*/
>
> Is there something wrong in this code?
> Thanks in advance.
>
> Best Regards
>
> Andrea Saracino
>
> 2011/7/27 Erwin Himawan <ehima...@gmail.com>
>
>> The way I would verify this is by writing the original X509 object into a PEM file and dumping the X509 object resulting from d2i_x509() into another PEM file and comparing both files using openssl; either using asn1parse or the x509 command.
>>
>> On Wed, Jul 27, 2011 at 9:46 AM, Andrea Saracino <saracino.and...@gmail.com> wrote:
>>
>>> Hello everyone,
>>> I've found some issues using the function X509_verify() on a simple X509 certificate. After the creation, if I call:
>>>
>>> X509_verify(certificate,ca_key);
>>>
>>> the function returns 1, but if I call the i2d_X509() function on the certificate and then the d2i_X509() on the obtained byte string, the X509_verify() on the resultant certificate returns 0.
>>>
>>> I printed the certificate, in a readable format, before and after the i2d() and d2i() execution and the result is exactly the same. The various fields (issuer, subject...) have the correct values. Any ideas?
>>>
>>> Best Regards
>>>
>>> Andrea Saracino