You can use PEM_write_bio_X509 or PEM_write_X509 to save X509 into a FILE. You can use PEM_read to read this PEM file when you need it.

On Sun, May 6, 2012 at 10:36 PM, Josh <mojo1...@privatedemail.net> wrote:

> I have a very simple query: as a result of SSL/TLS negotiation I know I
> could retrieve a pointer to the remote peer x509 structure, possibly via
> "SSL_get_peer_certificate".
>
> What I would like to do is this: 1) get that remote certificate stored in
> a file in a suitable format, so that I could further have a look/manipulate
> it via openssl (the command line program); and 2) if possible, retrieve the
> whole certificate chain (remote peer + CA/issuer) and store it also in a
> file for further examination/manipulation by openssl.
>
> The reason I am doing this is also very simple: as a result of SSL/TLS
> negotiation (remote socket connection) I have the option of verifying the
> remote party. That verification depends on the local party having the whole
> certificate chain (remote peer + CA/issuer) or, at the very least, the
> CA/issuer certificate.
>
> This, for various reasons which I won't bother you with, is not always
> possible, so in order for me to make the connection I have to temporarily
> disable the verification of the remote peer, retrieve the remote peer
> certificate chain, save this in a file using suitable file format, examine
> it, and if I determine that this chain is to be trusted, use it and enforce
> remote peer verification from now on, having obtained the appropriate
> certificates.
>
> Is this possible?
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org